1. Home
  2. Vulnerabilities
  3. CVE-2024-30260

CVE-2024-30260

CVSS v3.1 3.9 (Low)
39% Progress
EPSS 0.04 % (11th)
0.04% Progress
Advisories 8
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request(). This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

Weaknesses
CWE-285
Improper Authorization
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
GitHub, Inc.
Published Date
2024-04-04 16:15:08
(5 months ago)
Updated Date
2024-04-19 23:15:11
(5 months ago)