undici@6.14.0 vulnerabilities

An HTTP/1.1 client, written from scratch for Node.js

Direct Vulnerabilities

Known vulnerabilities in the undici package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Access of Memory Location After End of Buffer
Severity: M

undici is an HTTP/1.1 client, written from scratch for Node.js.

Affected versions of this package are vulnerable to Access of Memory Location After End of Buffer when cloning an arrayBuffer in body.js and util.js. This exposes some process memory when returning a buffer not exactly 8192 bytes in length. The attacker cannot fully control the contents of the returned buffer.

How to fix Access of Memory Location After End of Buffer?

Upgrade undici to version 6.19.2 or higher.

Vulnerable versions: >=6.14.0 <6.19.2