CVE-2024-24750

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24750

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24750.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24750

Aliases

GHSA-9f24-jqhm-jfcw

Related

Published

2024-02-16T22:15:07Z

Modified

2025-01-08T15:52:30.031533Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.

References

Affected packages

Git / github.com/nodejs/undici

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/undici
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

87a48113f1f68f60aa09abb07276d7c35467c663

Fixed

87a48113f1f68f60aa09abb07276d7c35467c663

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.5

v1.2.6

v1.3.0

v1.3.1

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.1.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.3.1

v4.*

v4.0.0

v4.0.0-alpha.0

v4.0.0-alpha.1

v4.0.0-alpha.2

v4.0.0-alpha.4

v4.0.0-alpha.5

v4.0.0-rc.1

v4.0.0-rc.2

v4.0.0-rc.3

v4.0.0-rc.4

v4.0.0-rc.5

v4.0.0-rc.7

v4.0.0-rc.8

v4.1.0

v4.1.1

v4.10.0

v4.10.1

v4.10.2

v4.10.3

v4.10.4

v4.11.0

v4.11.1

v4.11.2

v4.11.3

v4.12.0

v4.12.2

v4.13.0

v4.14.0

v4.14.1

v4.15.0

v4.15.1

v4.16.0

v4.2.1

v4.2.2

v4.3.0

v4.3.1

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5.0

v4.5.1

v4.6.0

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.8.0

v4.8.1

v4.8.2

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0

v5.1.0

v5.1.1

v5.10.0

v5.11.0

v5.12.0

v5.13.0

v5.14.0

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.17.0

v5.17.1

v5.18.0

v5.19.0

v5.19.1

v5.2.0

v5.20.0

v5.21.0

v5.21.1

v5.21.2

v5.22.0

v5.22.1

v5.23.0

v5.23.4

v5.24.0

v5.25.0

v5.25.1

v5.25.2

v5.25.3

v5.26.0

v5.26.1

v5.26.2

v5.26.3

v5.26.4

v5.26.5

v5.27.0

v5.27.1

v5.27.2

v5.28.0

v5.28.1

v5.28.2

v5.3.0

v5.4.0

v5.5.0

v5.5.1

v5.6.0

v5.6.1

v5.7.0

v5.8.0

v5.8.1

v5.8.2

v5.9.1

v6.*

v6.0.0

v6.0.1

v6.1.0

v6.2.0

v6.2.1

v6.3.0

v6.4.0

v6.5.0

v6.6.0