Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
History

Wed, 18 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici
Weaknesses CWE-863
CPEs cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici

Sat, 14 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products Redhat
Redhat openshift Devspaces

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T15:15:44.653Z

Updated: 2024-08-02T01:32:05.438Z

Reserved: 2024-03-26T12:52:00.934Z

Link: CVE-2024-30260

cve-icon Vulnrichment

Updated: 2024-08-02T01:32:05.438Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-04T16:15:08.877

Modified: 2024-12-18T19:19:52.700

Link: CVE-2024-30260

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-04T00:00:00Z

Links: CVE-2024-30260 - Bugzilla