Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 18 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Nodejs
Nodejs undici

Sat, 14 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products Redhat
Redhat openshift Devspaces

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-02-13T17:47:48.137Z

Reserved: 2024-03-26T12:52:00.934Z

Link: CVE-2024-30261

cve-icon Vulnrichment

Updated: 2024-08-02T01:32:06.665Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-04T15:15:39.460

Modified: 2024-12-18T19:21:11.997

Link: CVE-2024-30261

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-04T00:00:00Z

Links: CVE-2024-30261 - Bugzilla

cve-icon OpenCVE Enrichment

No data.