← voltar
CVE-2024-24750

Backpressure request ignored in fetch() in Undici

CVSS 6.5 MEDIUMEPSS 0.7%CWE-400
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Produtos afetados
nodejs · undici

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcwhttps://security.netapp.com/advisory/ntap-20240419-0006/