Description
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system (i.e. that make outbound requests to URLs supplied by users or other external parties) are vulnerable. If an attacker sets up a server that presents an invalid TLS certificate, and can force the application to call that webhook repeatedly (for example by registering the attacker's URL as a webhook target and relying on the application's retry behaviour), each failed connection attempt leaves memory unreleased. Over many calls this memory leak can exhaust the process's memory, making it a denial-of-service vector. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails: stop or strongly rate-limit retries to a target whose TLS handshake has failed.
Mitigation
Minimal update: upgrade to the first fixed release on your major line (5.29.0, 6.21.2, or 7.5.0). Even a minimal update may introduce new vulnerabilities or breaking changes, so test before deploying. Where undici is pulled in transitively (it is bundled with Node.js as the `fetch` implementation and is a common indirect dependency), check the lockfile and the Node.js runtime version rather than only direct dependencies. For distribution packages, rely on the distribution's own security tracker for the fixed package version; the ranges in the table below are per-package and do not map one-to-one onto the upstream version numbers.
|
 debian 12 | | =5.15.0+dfsg1+~cs20.10.9.3-1 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u3 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4 || =5.19.1+dfsg1+~cs20.10.9.5-1 || =5.19.1+dfsg1+~cs20.10.9.5-2 || =5.22.1+dfsg1+~cs20.10.10.2-1 || =5.26.3+dfsg1+~cs23.10.12-1 || =5.26.3+dfsg1+~cs23.10.12-2 || =5.26.3+dfsg1+~cs23.10.12-3 || =5.28.0+dfsg1+~cs23.11.12.3-1 || =5.28.0+dfsg1+~cs23.11.12.3-2 || =5.28.2+dfsg1+~cs23.11.12.3-1 || =5.28.2+dfsg1+~cs23.11.12.3-2 || =5.28.2+dfsg1+~cs23.11.12.3-3 || =5.28.2+dfsg1+~cs23.11.12.3-4 || =5.28.2+dfsg1+~cs23.11.12.3-5 || =5.28.2+dfsg1+~cs23.11.12.3-6 || =5.28.4+dfsg1+~cs23.12.11-1 || =5.28.4+dfsg1+~cs23.12.11-2 || =7.1.0+dfsg1+~cs24.12.10-1 || =7.15.0+dfsg+~cs3.2.0-1 || =7.15.0+dfsg+~cs3.2.0-3 || =7.16.0+dfsg+~cs3.2.0-1 || =7.16.0+dfsg+~cs3.2.0-2 || =7.18.2+dfsg+~cs3.2.0-1 || =7.2.3+dfsg1+~cs24.12.11-1 || =7.2.3+dfsg1+~cs24.12.11-2 || =7.24.5+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-2 || =7.3.0+dfsg1+~cs24.12.11-1 || =7.3.0+dfsg1+~cs24.12.11-2 | - |
 debian 13 | | =7.15.0+dfsg+~cs3.2.0-1 || =7.15.0+dfsg+~cs3.2.0-3 || =7.16.0+dfsg+~cs3.2.0-1 || =7.16.0+dfsg+~cs3.2.0-2 || =7.18.2+dfsg+~cs3.2.0-1 || =7.24.5+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-2 || =7.3.0+dfsg1+~cs24.12.11-1 || =7.3.0+dfsg1+~cs24.12.11-2 | - |
 debian 14 | | =7.15.0+dfsg+~cs3.2.0-1 || =7.15.0+dfsg+~cs3.2.0-3 || =7.16.0+dfsg+~cs3.2.0-1 || =7.16.0+dfsg+~cs3.2.0-2 || =7.18.2+dfsg+~cs3.2.0-1 || =7.3.0+dfsg1+~cs24.12.11-1 || =7.3.0+dfsg1+~cs24.12.11-2 || >=0 <7.24.5+dfsg+~cs3.2.0-1 | 7.24.5+dfsg+~cs3.2.0-1 |
 npm | | >=0 <5.29.0 || >=6.0.0 <6.21.2 || >=7.0.0 <7.5.0 | 5.29.0, 6.21.2, 7.5.0 |
 rpm rhel9 | | - | - |
 rpm rhel8 | | - | - |
 rpm rhel10 | | - | - |