CVE-2024-30261 Affecting nodejs20 package, versions <20.12.1-150500.11.9.2


Severity

Recommended
0.0
low
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (13th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-NODEJS20-6616180
  • published17 Apr 2024
  • disclosed16 Apr 2024

Introduced: 16 Apr 2024

CVE-2024-30261  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 nodejs20 to version 20.12.1-150500.11.9.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream nodejs20 package and not the nodejs20 package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

CVSS Scores

version 3.1