NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-24750

Summary	Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
Publication Date	Feb. 17, 2024, 7:15 a.m.
Registration Date	Feb. 17, 2024, 10 a.m.
Last Update	April 19, 2024, 4:15 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
2	https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663
3	https://security.netapp.com/advisory/ntap-20240419-0006/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html