CVE-2024-30261
EUVD-2024-117604.04.2024, 15:15
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nodejs | undici | 𝑥 < 5.28.4 |
| nodejs | undici | 6.0.0 ≤ 𝑥 < 6.11.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| nodejs | undici | 6.0.0 ≤ 𝑥 < 6.11.1 | ADP |
| nodejs | undici | 𝑥 < 5.28.4 | ADP |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||
|---|---|---|---|---|---|---|---|
| nodejs16 |
| ||||||
| nodejs16-devel |
| ||||||
| nodejs16-docs |
| ||||||
| nodejs18 |
| ||||||
| nodejs18-devel |
| ||||||
| nodejs18-docs |
| ||||||
| nodejs20 |
| ||||||
| nodejs20-devel |
| ||||||
| nodejs20-docs |
| ||||||
| npm16 |
| ||||||
| npm18 |
| ||||||
| npm20 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| nodejs |
| ||
| nodejs-debuginfo |
| ||
| nodejs-debugsource |
| ||
| nodejs-devel |
| ||
| nodejs-docs |
| ||
| nodejs-full-i18n |
| ||
| nodejs-libs |
| ||
| nodejs-libs-debuginfo |
| ||
| nodejs-npm |
| ||
| nodejs20 |
| ||
| nodejs20-debuginfo |
| ||
| nodejs20-debugsource |
| ||
| nodejs20-devel |
| ||
| nodejs20-docs |
| ||
| nodejs20-full-i18n |
| ||
| nodejs20-libs |
| ||
| nodejs20-libs-debuginfo |
| ||
| nodejs20-npm |
| ||
| v8-10.2-devel |
| ||
| v8-11.3-devel |
|
Azure Linux Releases
Common Weakness Enumeration
References