CVE-2024-30260

Publication date

2024-04-04 15:15:44

Family

GitHub_M

State

PUBLISHED

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.