GHSA-9f24-jqhm-jfcw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9f24-jqhm-jfcw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-9f24-jqhm-jfcw/GHSA-9f24-jqhm-jfcw.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-9f24-jqhm-jfcw
- Aliases
- Published
- 2024-02-16T15:59:38Z
- Modified
- 2024-04-19T09:30:47Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- fetch(url) leads to a memory leak in undici
- Details
-
Impact
Calling
fetch(url)and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.Patches
Patched in v6.6.1
Workarounds
Make sure to always consume the incoming body.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2024-02-16T15:59:38Z", "nvd_published_at": "2024-02-16T22:15:07Z", "cwe_ids": [ "CWE-400", "CWE-401" ], "severity": "MODERATE" }- References
-
- https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
- https://nvd.nist.gov/vuln/detail/CVE-2024-24750
- https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663
- https://github.com/nodejs/undici
- https://github.com/nodejs/undici/releases/tag/v6.6.1
- https://security.netapp.com/advisory/ntap-20240419-0006
Affected packages
npm / undici
Package
- Name
- undici
- View open source insights on deps.dev
- Purl
- pkg:npm/undici