UBUNTU-CVE-2024-24758
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2024-24758
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-24758.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-24758
- Related
- Published
- 2024-02-16T22:15:00Z
- Modified
- 2024-02-16T22:15:00Z
- Summary
- [none]
- Details
-
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear
Proxy-Authenticationheaders. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
-
- https://ubuntu.com/security/CVE-2024-24758
- https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
- https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
- https://github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
- https://www.cve.org/CVERecord?id=CVE-2024-24758
- https://www.openwall.com/lists/oss-security/2024/03/11/1