CVE-2024-30260 — Vulnetix

CVE-2024-30260 PUBLISHED

EPSS 0.20% · 41.7th percentile

Risk Scores

EPSS Score

0.20%

41.7th percentile

Affected Products

Vendor	Product	Versions
Cloudflare	stream
Amazon	nodejs

Exploit Intelligence

Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
Proxy-Authorization header not cleared on cross-origin redirect in undici.request (hackerone)
https://hackerone.com/reports/2408074 (osv)
vulnerability_matcher_validation_test.go (github-poc)
vulnerability_matcher_validation_test.go (github-poc)
vulnerability_matcher_validation_test.go (github-poc)

…and 7 more exploits

Timeline

CVE Published
Jan 21, 1970 Security Advisory
Apr 5, 2024 EPSS Score
Apr 30, 2024 EPSS Score
May 3, 2024 PoC Published
May 26, 2024 EPSS Score
May 29, 2024 PoC Published
Jun 21, 2024 EPSS Score
Jul 16, 2024 EPSS Score
Aug 10, 2024 EPSS Score
Sep 5, 2024 EPSS Score
Sep 30, 2024 EPSS Score

References

ALAS2023-2024-694: nodejs (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›