Debian Security Bug TrackerDEBIANCVE:CVE-2024-30261CVE-2024-30261
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
10.3%
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-undici | <= 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4 | node-undici_5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4_all.deb |
| Debian | 999 | all | node-undici | < 5.28.4+dfsg1+~cs23.12.11-1 | node-undici_5.28.4+dfsg1+~cs23.12.11-1_all.deb |
| Debian | 13 | all | node-undici | < 5.28.4+dfsg1+~cs23.12.11-1 | node-undici_5.28.4+dfsg1+~cs23.12.11-1_all.deb |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
10.3%