Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-24758

Опубликовано: 16 фев. 2024
Источник: redhat
CVSS3: 3.9
EPSS Низкий

Описание

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A sensitive information exposure vulnerability was found in undici. In this issue, it cleared Authorization headers on cross-origin redirects but did not clear the Proxy-Authentication headers.

Отчет

This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of Apache Camel - HawtIO 4undiciNot affected
Red Hat Developer Hubrhdh/rhdh-hub-rhel9Not affected
Red Hat Enterprise Linux 10nodejs-undiciNot affected
Red Hat Openshift Data Foundation 4odf4/mcg-core-rhel9Not affected
Red Hat OpenShift Dev Spacesdevspaces/dashboard-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2264730undici: sensitive information exposure

EPSS

Процентиль: 43%
0.00205
Низкий

3.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-24758

CVSS3: 3.9
ubuntu
почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2024-24758

CVSS3: 3.9
nvd
почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

msrc логотип

CVE-2024-24758

CVSS3: 4.5
msrc
около 1 года назад

Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici

debian логотип

CVE-2024-24758

CVSS3: 3.9
debian
почти 2 года назад

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...

github логотип

GHSA-3787-6prv-h9w3

CVSS3: 3.9
github
почти 2 года назад

Undici proxy-authorization header not cleared on cross-origin redirect in fetch

EPSS

Процентиль: 43%
0.00205
Низкий

3.9 Low

CVSS3