Количество 10
Количество 10
GHSA-g9mf-h72j-4rw9
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, ...
openSUSE-SU-2026:20236-1
Security update for nodejs22
SUSE-SU-2026:0457-1
Security update for nodejs20
SUSE-SU-2026:0435-1
Security update for nodejs20
SUSE-SU-2026:0301-1
Security update for nodejs22
SUSE-SU-2026:0295-1
Security update for nodejs22
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-g9mf-h72j-4rw9 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | CVSS3: 5.9 | 0% Низкий | 2 месяца назад |
 | CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0. | CVSS3: 5.9 | 0% Низкий | 2 месяца назад |
 | CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0. | CVSS3: 3.7 | 0% Низкий | 2 месяца назад |
 | CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0. | CVSS3: 5.9 | 0% Низкий | 2 месяца назад |
| CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, ... | CVSS3: 5.9 | 0% Низкий | 2 месяца назад |
 | openSUSE-SU-2026:20236-1 Security update for nodejs22 | около 1 месяца назад | ||
| SUSE-SU-2026:0457-1 Security update for nodejs20 | около 2 месяцев назад | ||
| SUSE-SU-2026:0435-1 Security update for nodejs20 | около 2 месяцев назад | ||
| SUSE-SU-2026:0301-1 Security update for nodejs22 | 2 месяца назад | ||
| SUSE-SU-2026:0295-1 Security update for nodejs22 | 2 месяца назад |
Уязвимостей на страницу