Описание
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-undici | not-affected | package |
Примечания
https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq
https://github.com/nodejs/undici/issues/3328
https://github.com/nodejs/undici/issues/3337
https://github.com/nodejs/undici/pull/3338
Introduced by: https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 (v6.14.0)
Fixed by: https://github.com/nodejs/undici/commit/035524e71756f1f6e2f9886f3c7227394bdb5363 (v6.19.2)
Связанные уязвимости
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.
Undici vulnerable to data leak when using response.arrayBuffer()