Уязвимость CVE-2024-30260

CVE-2024-30260

CVSS3: 3.9

ubuntu

почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

CVE-2024-30260

CVSS3: 3.9

redhat

почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

CVE-2024-30260

CVSS3: 3.9

nvd

почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

CVE-2024-30260

CVSS3: 3.9

debian

почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...

GHSA-m4v8-wqvr-p9f7

CVSS3: 3.9

github

почти 2 года назад

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

exploitDog

CVE-2024-30260

Описание

Возможность эксплуатации

Связанные уязвимости