Vulnerabilities > CVE-2024-30260 - Incorrect Authorization vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

nodejs

fedoraproject

CWE-863

NVD

Published: 2024-04-04

Updated: 2024-12-18

Summary

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

Vulnerable Configurations

Part	Description	Count
Application	Nodejs Nodejs Undici - Nodejs Undici 1.0.0 Nodejs Undici 1.0.1 Nodejs Undici 1.0.2 Nodejs Undici 1.0.3 Nodejs Undici 1.1.0 Nodejs Undici 1.2.0 Nodejs Undici 1.2.1 Nodejs Undici 1.2.2 Nodejs Undici 1.2.4 Nodejs Undici 1.2.5 Nodejs Undici 1.2.6 Nodejs Undici 1.3.0 Nodejs Undici 1.3.1 Nodejs Undici 2.0.0 Nodejs Undici 2.0.1 Nodejs Undici 2.0.2 Nodejs Undici 2.0.3 Nodejs Undici 2.0.4 Nodejs Undici 2.0.5 Nodejs Undici 2.0.6 Nodejs Undici 2.0.7 Nodejs Undici 2.1.0 Nodejs Undici 2.1.1 Nodejs Undici 2.2.0 Nodejs Undici 2.2.1 Nodejs Undici 3.0.0 Nodejs Undici 3.1.0 Nodejs Undici 3.2.0 Nodejs Undici 3.3.0 Nodejs Undici 3.3.1 Nodejs Undici 3.3.2 Nodejs Undici 3.3.3 Nodejs Undici 3.3.4 Nodejs Undici 3.3.5 Nodejs Undici 3.3.6 Nodejs Undici 4.0.0 Nodejs Undici 4.1.0 Nodejs Undici 4.1.1 Nodejs Undici 4.2.0 Nodejs Undici 4.2.1 Nodejs Undici 4.2.2 Nodejs Undici 4.3.0 Nodejs Undici 4.3.1 Nodejs Undici 4.4.0 Nodejs Undici 4.4.1 Nodejs Undici 4.4.2 Nodejs Undici 4.4.3 Nodejs Undici 4.4.4 Nodejs Undici 4.4.5 Nodejs Undici 4.4.6 Nodejs Undici 4.4.7 Nodejs Undici 4.5.0 Nodejs Undici 4.5.1 Nodejs Undici 4.6.0 Nodejs Undici 4.7.0 Nodejs Undici 4.7.1 Nodejs Undici 4.7.2 Nodejs Undici 4.7.3 Nodejs Undici 4.8.0 Nodejs Undici 4.8.1 Nodejs Undici 4.8.2 Nodejs Undici 4.9.0 Nodejs Undici 4.9.1 Nodejs Undici 4.9.2 Nodejs Undici 4.9.3 Nodejs Undici 4.9.4 Nodejs Undici 4.9.5 Nodejs Undici 4.10.0 Nodejs Undici 4.10.1 Nodejs Undici 4.10.2 Nodejs Undici 4.10.3 Nodejs Undici 4.10.4 Nodejs Undici 4.11.0 Nodejs Undici 4.11.1 Nodejs Undici 4.11.2 Nodejs Undici 4.11.3 Nodejs Undici 4.12.0 Nodejs Undici 4.12.1 Nodejs Undici 4.12.2 Nodejs Undici 4.13.0 Nodejs Undici 4.14.0 Nodejs Undici 4.14.1 Nodejs Undici 4.15.0 Nodejs Undici 4.15.1 Nodejs Undici 4.16.0 Nodejs Undici 5.0.0 Nodejs Undici 5.1.0 Nodejs Undici 5.1.1 Nodejs Undici 5.2.0 Nodejs Undici 5.3.0 Nodejs Undici 5.4.0 Nodejs Undici 5.5.0 Nodejs Undici 5.5.1 Nodejs Undici 5.6.0 Nodejs Undici 5.6.1 Nodejs Undici 5.7.0 Nodejs Undici 5.7.1 Nodejs Undici 5.8.0 Nodejs Undici 5.8.1 Nodejs Undici 5.8.2 Nodejs Undici 5.9.1 Nodejs Undici 5.10.0 Nodejs Undici 5.11.0 Nodejs Undici 5.12.0 Nodejs Undici 5.13.0 Nodejs Undici 5.14.0 Nodejs Undici 5.15.0 Nodejs Undici 5.15.1 Nodejs Undici 5.15.2 Nodejs Undici 5.16.0 Nodejs Undici 5.17.0 Nodejs Undici 5.17.1 Nodejs Undici 5.18.0 Nodejs Undici 5.19.0 Nodejs Undici 5.19.1 Nodejs Undici 5.20.0 Nodejs Undici 5.21.0 Nodejs Undici 5.21.1 Nodejs Undici 5.21.2 Nodejs Undici 5.22.0 Nodejs Undici 5.22.1 Nodejs Undici 5.23.0 Nodejs Undici 5.23.4 Nodejs Undici 5.24.0 Nodejs Undici 5.25.0 Nodejs Undici 5.25.1 Nodejs Undici 5.25.2 Nodejs Undici 5.25.3 Nodejs Undici 5.26.0 Nodejs Undici 5.26.1 Nodejs Undici 5.26.2 Nodejs Undici 5.26.3 Nodejs Undici 5.26.4 Nodejs Undici 5.26.5 Nodejs Undici 5.27.0 Nodejs Undici 5.27.1 Nodejs Undici 5.27.2 Nodejs Undici 5.28.0 Nodejs Undici 5.28.1 Nodejs Undici 5.28.2 Nodejs Undici 5.28.3 Nodejs Undici 6.0.0 Nodejs Undici 6.0.1 Nodejs Undici 6.1.0 Nodejs Undici 6.2.0 Nodejs Undici 6.2.1 Nodejs Undici 6.3.0 Nodejs Undici 6.4.0 Nodejs Undici 6.5.0 Nodejs Undici 6.6.0 Nodejs Undici 6.6.1 Nodejs Undici 6.6.2 Nodejs Undici 6.7.0 Nodejs Undici 6.7.1 Nodejs Undici 6.8.0 Nodejs Undici 6.9.0 Nodejs Undici 6.10.0 Nodejs Undici 6.10.1 Nodejs Undici 6.10.2 Nodejs Undici 6.11.0	175
OS	Fedoraproject Fedoraproject Fedora 38 Fedoraproject Fedora 39 Fedoraproject Fedora 40	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References