VDB
DEBIAN-CVE-2024-24758
DEBIAN-CVE-2024-24758
PUBLISHED
CVSS 4.5 MEDIUM
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Risk Scores
CVSS v3.1
4.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | node-undici | 0, 0 |
| Debian:12 | node-undici | *, *, * |
| Debian:13 | node-undici | 0, 0 |
Timeline
- Feb 16, 2024 CVE Published
- Apr 28, 2026 CVE Updated