Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2024-24750
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
| Software | From | Fixed in |
|---|---|---|
undici
|
6.0.0 | 6.6.1 |
| nodejs / undici | 6.0.0 | 6.6.1 |
- https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663
- https://github.com/nodejs/undici/releases/tag/v6.6.1
- https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
- https://security.netapp.com/advisory/ntap-20240419-0006
- https://security.netapp.com/advisory/ntap-20240419-0006/