CVE-2025-47279
EUVD-2025-1538915.05.2025, 18:15
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaound, avoid calling a webhook repeatedly if the webhook fails.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| nodejs | undici | 𝑥 < 5.29.0 | CNA |
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| nodejs20 |
| ||
| nodejs20-debuginfo |
| ||
| nodejs20-debugsource |
| ||
| nodejs20-devel |
| ||
| nodejs20-docs |
| ||
| nodejs20-full-i18n |
| ||
| nodejs20-libs |
| ||
| nodejs20-libs-debuginfo |
| ||
| nodejs20-npm |
| ||
| nodejs22 |
| ||
| nodejs22-debuginfo |
| ||
| nodejs22-debugsource |
| ||
| nodejs22-devel |
| ||
| nodejs22-docs |
| ||
| nodejs22-full-i18n |
| ||
| nodejs22-libs |
| ||
| nodejs22-libs-debuginfo |
| ||
| nodejs22-npm |
| ||
| v8-11.3-devel |
| ||
| v8-12.4-devel |
|
Azure Linux Releases
Common Weakness Enumeration