Description
fetch(url) leads to a memory leak in undici
Impact
Calling fetch(url) and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak.
Patches
Patched in v6.6.1
Workarounds
Make sure to always consume the incoming body.
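One way to apply this workaround, shown as an added example that is not code from the undici project or the advisory: a wrapper that reads and discards whatever the caller left of the body. The names drainBody, fetchAndDrain and makeSampleResponse are hypothetical, and the sample response is constructed in memory so the block runs offline on Node.js 18 or later.

```javascript
// Read and discard whatever is left of a fetch() response body.
// Returns the number of bytes discarded.
async function drainBody(response) {
  // No body (e.g. 204), or another reader already owns the stream
  // (for example the caller used response.text() or response.json()).
  if (!response.body || response.body.locked) return 0;
  const reader = response.body.getReader();
  let discarded = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) return discarded;
    discarded += value.byteLength;
  }
}

// Hypothetical wrapper: run handler(response), then drain in `finally`,
// so early returns and thrown errors cannot leave the body unread.
// fetchImpl is injectable only so the example can be exercised offline.
async function fetchAndDrain(url, handler, fetchImpl = fetch) {
  const response = await fetchImpl(url);
  try {
    return await handler(response);
  } finally {
    await drainBody(response);
  }
}

// Constructed sample: an 11-byte body delivered in two chunks.
function makeSampleResponse() {
  const enc = new TextEncoder();
  const body = new ReadableStream({
    start(controller) {
      controller.enqueue(enc.encode('hello '));
      controller.enqueue(enc.encode('world'));
      controller.close();
    },
  });
  return new Response(body, { status: 200 });
}
```

A caller that only needs the status code would use fetchAndDrain(url, (res) => res.status); the body is still read to the end before the promise settles.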
References
- https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
- https://nvd.nist.gov/vuln/detail/CVE-2024-24750
- https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663
- https://github.com/nodejs/undici/releases/tag/v6.6.1
- https://security.netapp.com/advisory/ntap-20240419-0006
Packages
undici
Affected versions: >= 6.0.0, <= 6.6.0
Patched version: 6.6.1
Related vulnerabilities
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
A vulnerability in the fetch() function of the Undici HTTP/1.1 client for the Node.js platform that allows an attacker to cause a denial of service