Vulnerability Information
Vulnerability Title
undici Denial of Service attack via bad certificate data
Vulnerability Description
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If an attacker sets up a server with an invalid certificate and can force the application to call the webhook repeatedly, they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails.
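The workaround above (stop calling a webhook that keeps failing), sketched as an added example that is not part of the advisory or of undici: a per-origin circuit breaker that suspends delivery after repeated failures. The names `WebhookBreaker`, `deliver`, `maxFailures` and `cooldownMs` are hypothetical, and `send` stands in for whatever client call the application uses.

```javascript
// Added example: per-destination circuit breaker for webhook delivery.
// All names here are hypothetical; this is not undici's API.
class WebhookBreaker {
  constructor({ maxFailures = 3, cooldownMs = 60_000 } = {}) {
    this.maxFailures = maxFailures;
    this.cooldownMs = cooldownMs;
    this.state = new Map(); // origin -> { failures, openUntil }
  }

  // Key on origin so varying the path does not bypass the breaker.
  static key(url) { return new URL(url).origin; }

  // True when delivery to this destination is currently permitted.
  allow(url, now = Date.now()) {
    const s = this.state.get(WebhookBreaker.key(url));
    return !s || now >= s.openUntil;
  }

  recordFailure(url, now = Date.now()) {
    const k = WebhookBreaker.key(url);
    const s = this.state.get(k) || { failures: 0, openUntil: 0 };
    s.failures += 1;
    if (s.failures >= this.maxFailures) {
      // Double the cooldown for each failure past the threshold, capped at 64x.
      const exp = Math.min(s.failures - this.maxFailures, 6);
      s.openUntil = now + this.cooldownMs * 2 ** exp;
    }
    this.state.set(k, s);
  }

  recordSuccess(url) { this.state.delete(WebhookBreaker.key(url)); }
}

// `send` is injected (in production, the application's HTTP client call)
// so the breaker logic can be exercised offline.
async function deliver(breaker, send, url, payload) {
  if (!breaker.allow(url)) return { sent: false, reason: 'suspended' };
  try {
    await send(url, payload);
    breaker.recordSuccess(url);
    return { sent: true };
  } catch (err) {
    // TLS/certificate errors land here along with every other failure.
    breaker.recordFailure(url);
    return { sent: false, reason: err.code || err.message };
  }
}
```

The breaker limits how often a failing destination is contacted; upgrading to a patched version remains the fix.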
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Improper release of memory when removing the last reference (memory leak)
Vulnerability Title
undici security vulnerability
Vulnerability Description
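undici is an open-source HTTP/1.1 client for Node.js. Versions of undici prior to 5.29.0, 6.21.2, and 7.5.0 contain a security vulnerability: repeatedly calling a webhook that has an invalid certificate can cause a memory leak.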
CVSS Information
N/A
Vulnerability Type
N/A