Improper Authorization
CVE-2024-30260
Summary
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability affects versions through 5.28.3, and 6.0.0 through 6.11.0.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- HIGH
- LOW
- LOW
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published