Описание
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Ссылки
- Patch
- Patch
- Vendor Advisory
- ExploitIssue Tracking
- Product
- Product
- Product
- Patch
- Patch
- Vendor Advisory
- ExploitIssue Tracking
- Product
- Product
- Product
Уязвимые конфигурации
Одно из
Одно из
EPSS
2.6 Low
CVSS3
3.5 Low
CVSS3
Дефекты
Связанные уязвимости
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
EPSS
2.6 Low
CVSS3
3.5 Low
CVSS3