Количество 6
Количество 6
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, ...
GHSA-g9mf-h72j-4rw9
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
SUSE-SU-2026:0301-1
Security update for nodejs22
SUSE-SU-2026:0295-1
Security update for nodejs22
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0. | CVSS3: 5.9 | 0% Низкий | 26 дней назад |
 | CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0. | CVSS3: 5.9 | 0% Низкий | 26 дней назад |
| CVE-2026-22036 Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, ... | CVSS3: 5.9 | 0% Низкий | 26 дней назад |
| GHSA-g9mf-h72j-4rw9 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | CVSS3: 5.9 | 0% Низкий | 26 дней назад |
 | SUSE-SU-2026:0301-1 Security update for nodejs22 | 13 дней назад | ||
| SUSE-SU-2026:0295-1 Security update for nodejs22 | 14 дней назад |
Уязвимостей на страницу