Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fedoraproject
Fedoraproject fedora Nodejs Nodejs undici |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
|
Vendors & Products |
Fedoraproject
Fedoraproject fedora Nodejs Nodejs undici |
Sat, 14 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat openshift Devspaces |
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 | |
Vendors & Products |
Redhat
Redhat openshift Devspaces |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-04T15:15:44.653Z
Updated: 2024-08-02T01:32:05.438Z
Reserved: 2024-03-26T12:52:00.934Z
Link: CVE-2024-30260
Vulnrichment
Updated: 2024-08-02T01:32:05.438Z
NVD
Status : Analyzed
Published: 2024-04-04T16:15:08.877
Modified: 2024-12-18T19:19:52.700
Link: CVE-2024-30260
Redhat