Security Advisory

CVE-2024-30261

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-04 15:09:11

Last updated 2025-11-04 16:11:56

Assigner GitHub_M

State PUBLISHED

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

← Browse all CVEs View on cve.org ↗