Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Undici vulnerable to data leak when using response.arrayBuffer()
Vulnerability Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
undici 安全漏洞
Vulnerability Description
undici是一个HTTP/1.1客户端。 undici 6.14.0版本至6.19.2之前版本存在安全漏洞,该漏洞源于response.arrayBuffer函数可能包含来自Node.js进程的部分内存。
CVSS Information
N/A
Vulnerability Type
N/A