Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
History

Wed, 18 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici

Sat, 14 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products Redhat
Redhat openshift Devspaces

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T15:09:11.369Z

Updated: 2024-09-04T15:06:10.584Z

Reserved: 2024-03-26T12:52:00.934Z

Link: CVE-2024-30261

cve-icon Vulnrichment

Updated: 2024-08-02T01:32:06.665Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-04T15:15:39.460

Modified: 2024-12-18T19:21:11.997

Link: CVE-2024-30261

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-04T00:00:00Z

Links: CVE-2024-30261 - Bugzilla