Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Backpressure request ignored in fetch() in Undici
Vulnerability Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
undici 资源管理错误漏洞
Vulnerability Description
undici是一个HTTP/1.1客户端。 undici 6.0.0至6.6.0版本存在资源管理错误漏洞,该漏洞源于函数fetch()存在内存泄漏漏洞。
CVSS Information
N/A
Vulnerability Type
N/A