Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fedoraproject
Fedoraproject fedora Nodejs Nodejs undici |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
|
Vendors & Products |
Fedoraproject
Fedoraproject fedora Nodejs Nodejs undici |
Sat, 14 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat openshift Devspaces |
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 | |
Vendors & Products |
Redhat
Redhat openshift Devspaces |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-04T15:09:11.369Z
Updated: 2024-09-04T15:06:10.584Z
Reserved: 2024-03-26T12:52:00.934Z
Link: CVE-2024-30261
Vulnrichment
Updated: 2024-08-02T01:32:06.665Z
NVD
Status : Analyzed
Published: 2024-04-04T15:15:39.460
Modified: 2024-12-18T19:21:11.997
Link: CVE-2024-30261
Redhat