VDB
DEBIAN-CVE-2024-30260
DEBIAN-CVE-2024-30260
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Risk Scores
CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | node-undici | 0, 0 |
| Debian:12 | node-undici | *, *, * |
| Debian:13 | node-undici | 0, 0 |
Timeline
- Apr 4, 2024 CVE Published
- Apr 28, 2026 CVE Updated