Lookup for vulnerable packages by Package URL.

Purl pkg:npm/undici@5.8.2
Type npm
Namespace
Name undici
Version 5.8.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.24.0
Latest_non_vulnerable_version 7.24.0
Affected_by_vulnerabilities
0
url VCID-4f62-g4w7-sqc5
vulnerability_id VCID-4f62-g4w7-sqc5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45143.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45143
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.29886
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45143
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45143
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45143
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053879
reference_id 1053879
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053879
12
reference_url https://hackerone.com/reports/2166948
reference_id 2166948
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://hackerone.com/reports/2166948
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2244104
reference_id 2244104
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2244104
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
reference_id 3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
15
reference_url https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
reference_id e041de359221ebeae04c469e8aff4145764e6d76
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
reference_id E72T67UPDRXHIDLO3OROR25YAMN4GGW5
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
reference_id FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
18
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
reference_id GHSA-q768-x9m6-m9qp
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
19
reference_url https://github.com/advisories/GHSA-wqq4-5wpv-mx2g
reference_id GHSA-wqq4-5wpv-mx2g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqq4-5wpv-mx2g
20
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
reference_id GHSA-wqq4-5wpv-mx2g
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
21
reference_url https://security.gentoo.org/glsa/202505-11
reference_id GLSA-202505-11
reference_type
scores
url https://security.gentoo.org/glsa/202505-11
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
reference_id HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
reference_id LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
24
reference_url https://access.redhat.com/errata/RHSA-2023:5849
reference_id RHSA-2023:5849
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5849
25
reference_url https://access.redhat.com/errata/RHSA-2023:5869
reference_id RHSA-2023:5869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5869
26
reference_url https://access.redhat.com/errata/RHSA-2023:7205
reference_id RHSA-2023:7205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7205
27
reference_url https://github.com/nodejs/undici/releases/tag/v5.26.2
reference_id v5.26.2
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://github.com/nodejs/undici/releases/tag/v5.26.2
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
reference_id X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
fixed_packages
0
url pkg:npm/undici@5.26.2
purl pkg:npm/undici@5.26.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-bb3s-t1q2-uufg
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-gwng-pdqq-wyeu
6
vulnerability VCID-rqp9-y5v9-kkht
7
vulnerability VCID-t4mv-7pwt-ryau
8
vulnerability VCID-xyrc-bdam-x7aw
9
vulnerability VCID-ychy-jj1e-mug1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.26.2
aliases CVE-2023-45143, GHSA-wqq4-5wpv-mx2g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f62-g4w7-sqc5
1
url VCID-4gay-kbzx-zkg7
vulnerability_id VCID-4gay-kbzx-zkg7
summary
Impact: When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to:

  *  Inject arbitrary HTTP headers
  *  Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)
The vulnerability exists because undici writes the upgrade value directly to the socket without rejecting characters that are invalid in a header value, so a CR or LF inside the value ends the header line early:

// lib/dispatcher/client-h1.js:1121
if (upgrade) {
  header += `connection: upgrade\r\nupgrade: ${upgrade}\r\n`
}
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1527.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1527.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1527
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01904
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1527
2
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1527
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1527
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130882
reference_id 1130882
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130882
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447141
reference_id 2447141
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447141
6
reference_url https://hackerone.com/reports/3487198
reference_id 3487198
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:05:24Z/
url https://hackerone.com/reports/3487198
7
reference_url https://github.com/advisories/GHSA-4992-7rv2-5pvq
reference_id GHSA-4992-7rv2-5pvq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4992-7rv2-5pvq
8
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq
reference_id GHSA-4992-7rv2-5pvq
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:05:24Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq
9
reference_url https://access.redhat.com/errata/RHSA-2026:7350
reference_id RHSA-2026:7350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7350
10
reference_url https://access.redhat.com/errata/RHSA-2026:7670
reference_id RHSA-2026:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7670
11
reference_url https://access.redhat.com/errata/RHSA-2026:7675
reference_id RHSA-2026:7675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7675
12
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:05:24Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/undici@6.24.0
purl pkg:npm/undici@6.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.24.0
1
url pkg:npm/undici@7.24.0
purl pkg:npm/undici@7.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.24.0
aliases CVE-2026-1527, GHSA-4992-7rv2-5pvq
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gay-kbzx-zkg7
2
url VCID-7pfj-bmxq-eba5
vulnerability_id VCID-7pfj-bmxq-eba5
summary
Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.

The vulnerability exists because:

  *  The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15
  *  The createInflateRaw() call is not wrapped in a try-catch block
  *  The resulting exception propagates up through the call stack and crashes the Node.js process
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2229.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2229
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38732
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2229
2
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2229
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2229
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130884
reference_id 1130884
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130884
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447143
reference_id 2447143
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447143
6
reference_url https://hackerone.com/reports/3487486
reference_id 3487486
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:06:30Z/
url https://hackerone.com/reports/3487486
7
reference_url https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
reference_id GHSA-v9p9-hfj2-hcw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
8
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
reference_id GHSA-v9p9-hfj2-hcw8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:06:30Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
9
reference_url https://datatracker.ietf.org/doc/html/rfc7692
reference_id rfc7692
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:06:30Z/
url https://datatracker.ietf.org/doc/html/rfc7692
10
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
11
reference_url https://access.redhat.com/errata/RHSA-2026:17789
reference_id RHSA-2026:17789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17789
12
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
13
reference_url https://access.redhat.com/errata/RHSA-2026:21931
reference_id RHSA-2026:21931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21931
14
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
15
reference_url https://access.redhat.com/errata/RHSA-2026:7080
reference_id RHSA-2026:7080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7080
16
reference_url https://access.redhat.com/errata/RHSA-2026:7123
reference_id RHSA-2026:7123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7123
17
reference_url https://access.redhat.com/errata/RHSA-2026:7302
reference_id RHSA-2026:7302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7302
18
reference_url https://access.redhat.com/errata/RHSA-2026:7310
reference_id RHSA-2026:7310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7310
19
reference_url https://access.redhat.com/errata/RHSA-2026:7350
reference_id RHSA-2026:7350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7350
20
reference_url https://access.redhat.com/errata/RHSA-2026:7670
reference_id RHSA-2026:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7670
21
reference_url https://access.redhat.com/errata/RHSA-2026:7675
reference_id RHSA-2026:7675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7675
22
reference_url https://access.redhat.com/errata/RHSA-2026:7983
reference_id RHSA-2026:7983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7983
23
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
24
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:06:30Z/
url https://cna.openjsf.org/security-advisories.html
25
reference_url https://nodejs.org/api/zlib.html#class-zlibinflateraw
reference_id zlib.html#class-zlibinflateraw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:06:30Z/
url https://nodejs.org/api/zlib.html#class-zlibinflateraw
fixed_packages
0
url pkg:npm/undici@6.24.0
purl pkg:npm/undici@6.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.24.0
1
url pkg:npm/undici@7.24.0
purl pkg:npm/undici@7.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.24.0
aliases CVE-2026-2229, GHSA-v9p9-hfj2-hcw8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pfj-bmxq-eba5
3
url VCID-bb3s-t1q2-uufg
vulnerability_id VCID-bb3s-t1q2-uufg
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22150.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22150
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.70097
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22150
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22150
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22150
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2339176
reference_id 2339176
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2339176
6
reference_url https://hackerone.com/reports/2913312
reference_id 2913312
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://hackerone.com/reports/2913312
7
reference_url https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0
reference_id 711e20772764c29f6622ddc937c63b6eefdf07d0
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0
8
reference_url https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113
reference_id body.js#L113
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113
9
reference_url https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a
reference_id c2d78cd19fe4f4c621424491e26ce299e65e934a
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a
10
reference_url https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385
reference_id c3acc6050b781b827d80c86cbbab34f14458d385
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385
11
reference_url https://github.com/advisories/GHSA-c76h-2ccp-4975
reference_id GHSA-c76h-2ccp-4975
reference_type
scores
url https://github.com/advisories/GHSA-c76h-2ccp-4975
12
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975
reference_id GHSA-c76h-2ccp-4975
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975
13
reference_url https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
reference_id hacking-the-javascript-lottery-80cc437e3b7f
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/
url https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
14
reference_url https://access.redhat.com/errata/RHSA-2025:1351
reference_id RHSA-2025:1351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1351
15
reference_url https://access.redhat.com/errata/RHSA-2025:1443
reference_id RHSA-2025:1443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1443
16
reference_url https://access.redhat.com/errata/RHSA-2025:1446
reference_id RHSA-2025:1446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1446
17
reference_url https://access.redhat.com/errata/RHSA-2025:1454
reference_id RHSA-2025:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1454
18
reference_url https://access.redhat.com/errata/RHSA-2025:1582
reference_id RHSA-2025:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1582
19
reference_url https://access.redhat.com/errata/RHSA-2025:1611
reference_id RHSA-2025:1611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1611
20
reference_url https://access.redhat.com/errata/RHSA-2025:1613
reference_id RHSA-2025:1613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1613
21
reference_url https://access.redhat.com/errata/RHSA-2025:17145
reference_id RHSA-2025:17145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17145
22
reference_url https://access.redhat.com/errata/RHSA-2025:1931
reference_id RHSA-2025:1931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1931
23
reference_url https://access.redhat.com/errata/RHSA-2025:21368
reference_id RHSA-2025:21368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21368
24
reference_url https://access.redhat.com/errata/RHSA-2025:2588
reference_id RHSA-2025:2588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2588
25
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
26
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
27
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
fixed_packages
0
url pkg:npm/undici@5.28.5
purl pkg:npm/undici@5.28.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-by57-rp7b-1uge
3
vulnerability VCID-cmkj-wegt-q3eb
4
vulnerability VCID-rqp9-y5v9-kkht
5
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.5
1
url pkg:npm/undici@6.21.1
purl pkg:npm/undici@6.21.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-rqp9-y5v9-kkht
6
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.21.1
2
url pkg:npm/undici@7.2.3
purl pkg:npm/undici@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-rqp9-y5v9-kkht
6
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.2.3
aliases CVE-2025-22150, GHSA-c76h-2ccp-4975
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb3s-t1q2-uufg
4
url VCID-by57-rp7b-1uge
vulnerability_id VCID-by57-rp7b-1uge
summary
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a "decompression bomb") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.

The vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1526.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1526.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1526
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06093
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1526
2
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1526
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1526
4
reference_url https://owasp.org/www-community/attacks/Denial_of_Service
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://owasp.org/www-community/attacks/Denial_of_Service
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130880
reference_id 1130880
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130880
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447142
reference_id 2447142
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447142
7
reference_url https://hackerone.com/reports/3481206
reference_id 3481206
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:04:06Z/
url https://hackerone.com/reports/3481206
8
reference_url https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
reference_id GHSA-vrm6-8vpv-qv8q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
9
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q
reference_id GHSA-vrm6-8vpv-qv8q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:04:06Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q
10
reference_url https://datatracker.ietf.org/doc/html/rfc7692
reference_id rfc7692
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:04:06Z/
url https://datatracker.ietf.org/doc/html/rfc7692
11
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
12
reference_url https://access.redhat.com/errata/RHSA-2026:17789
reference_id RHSA-2026:17789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17789
13
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
14
reference_url https://access.redhat.com/errata/RHSA-2026:21931
reference_id RHSA-2026:21931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21931
15
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
16
reference_url https://access.redhat.com/errata/RHSA-2026:7080
reference_id RHSA-2026:7080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7080
17
reference_url https://access.redhat.com/errata/RHSA-2026:7123
reference_id RHSA-2026:7123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7123
18
reference_url https://access.redhat.com/errata/RHSA-2026:7302
reference_id RHSA-2026:7302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7302
19
reference_url https://access.redhat.com/errata/RHSA-2026:7310
reference_id RHSA-2026:7310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7310
20
reference_url https://access.redhat.com/errata/RHSA-2026:7350
reference_id RHSA-2026:7350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7350
21
reference_url https://access.redhat.com/errata/RHSA-2026:7670
reference_id RHSA-2026:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7670
22
reference_url https://access.redhat.com/errata/RHSA-2026:7675
reference_id RHSA-2026:7675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7675
23
reference_url https://access.redhat.com/errata/RHSA-2026:7983
reference_id RHSA-2026:7983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7983
24
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
25
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T18:04:06Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/undici@6.24.0
purl pkg:npm/undici@6.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.24.0
1
url pkg:npm/undici@7.24.0
purl pkg:npm/undici@7.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.24.0
aliases CVE-2026-1526, GHSA-vrm6-8vpv-qv8q
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-by57-rp7b-1uge
5
url VCID-cmkj-wegt-q3eb
vulnerability_id VCID-cmkj-wegt-q3eb
summary
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire.

Who is impacted:

  *  Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays
  *  Applications that accept user-controlled header names without case-normalization


Potential consequences:

  *  Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request)
  *  HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1525.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1525.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1525
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05237
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1525
2
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1525
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1525
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130879
reference_id 1130879
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130879
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447144
reference_id 2447144
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447144
6
reference_url https://hackerone.com/reports/3556037
reference_id 3556037
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:44:24Z/
url https://hackerone.com/reports/3556037
7
reference_url https://cwe.mitre.org/data/definitions/444.html
reference_id 444.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:44:24Z/
url https://cwe.mitre.org/data/definitions/444.html
8
reference_url https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
reference_id GHSA-2mjp-6q6p-2qxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
9
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm
reference_id GHSA-2mjp-6q6p-2qxm
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:44:24Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm
10
reference_url https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6
reference_id rfc9110.html#section-8.6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:44:24Z/
url https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6
11
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
12
reference_url https://access.redhat.com/errata/RHSA-2026:17789
reference_id RHSA-2026:17789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17789
13
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
14
reference_url https://access.redhat.com/errata/RHSA-2026:7080
reference_id RHSA-2026:7080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7080
15
reference_url https://access.redhat.com/errata/RHSA-2026:7123
reference_id RHSA-2026:7123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7123
16
reference_url https://access.redhat.com/errata/RHSA-2026:7302
reference_id RHSA-2026:7302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7302
17
reference_url https://access.redhat.com/errata/RHSA-2026:7310
reference_id RHSA-2026:7310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7310
18
reference_url https://access.redhat.com/errata/RHSA-2026:7350
reference_id RHSA-2026:7350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7350
19
reference_url https://access.redhat.com/errata/RHSA-2026:7670
reference_id RHSA-2026:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7670
20
reference_url https://access.redhat.com/errata/RHSA-2026:7675
reference_id RHSA-2026:7675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7675
21
reference_url https://access.redhat.com/errata/RHSA-2026:7983
reference_id RHSA-2026:7983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7983
22
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
23
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:44:24Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/undici@6.24.0
purl pkg:npm/undici@6.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.24.0
1
url pkg:npm/undici@7.24.0
purl pkg:npm/undici@7.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.24.0
aliases CVE-2026-1525, GHSA-2mjp-6q6p-2qxm
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmkj-wegt-q3eb
6
url VCID-gwng-pdqq-wyeu
vulnerability_id VCID-gwng-pdqq-wyeu
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30261.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30261.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30261
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20766
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30261
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
7
reference_url https://security.netapp.com/advisory/ntap-20240905-0008
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0008
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2273519
reference_id 2273519
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2273519
9
reference_url https://hackerone.com/reports/2377760
reference_id 2377760
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://hackerone.com/reports/2377760
10
reference_url https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
reference_id 2b39440bd9ded841c93dd72138f3b1763ae26055
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30261
reference_id CVE-2024-30261
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30261
12
reference_url https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
reference_id d542b8cd39ec1ba303f038ea26098c3f355974f3
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
13
reference_url https://github.com/advisories/GHSA-9qxr-qj54-h672
reference_id GHSA-9qxr-qj54-h672
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qxr-qj54-h672
14
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
reference_id GHSA-9qxr-qj54-h672
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
reference_id HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
reference_id NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
reference_id P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:04:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
18
reference_url https://access.redhat.com/errata/RHSA-2024:6667
reference_id RHSA-2024:6667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6667
19
reference_url https://access.redhat.com/errata/RHSA-2025:1931
reference_id RHSA-2025:1931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1931
fixed_packages
0
url pkg:npm/undici@5.28.4
purl pkg:npm/undici@5.28.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-bb3s-t1q2-uufg
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-rqp9-y5v9-kkht
6
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.4
1
url pkg:npm/undici@6.11.1
purl pkg:npm/undici@6.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-rqp9-y5v9-kkht
7
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.11.1
aliases CVE-2024-30261, GHSA-9qxr-qj54-h672
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwng-pdqq-wyeu
7
url VCID-rn1v-ed8c-d3fs
vulnerability_id VCID-rn1v-ed8c-d3fs
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56915
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
6
reference_url https://hackerone.com/reports/1820955
reference_id 1820955
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://hackerone.com/reports/1820955
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
reference_id 2172190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
8
reference_url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
reference_id a2eff05401358f6595138df963837c24348f2034
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
9
reference_url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
10
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
11
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
12
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
13
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
14
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
15
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
16
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id v5.19.1
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
fixed_packages
0
url pkg:npm/undici@5.19.1
purl pkg:npm/undici@5.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f62-g4w7-sqc5
1
vulnerability VCID-4gay-kbzx-zkg7
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-gwng-pdqq-wyeu
7
vulnerability VCID-rqp9-y5v9-kkht
8
vulnerability VCID-t4mv-7pwt-ryau
9
vulnerability VCID-xyrc-bdam-x7aw
10
vulnerability VCID-ychy-jj1e-mug1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.19.1
aliases CVE-2023-23936, GHSA-5r9g-qh6m-jxff
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn1v-ed8c-d3fs
8
url VCID-rqp9-y5v9-kkht
vulnerability_id VCID-rqp9-y5v9-kkht
summary Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If an attacker sets up a server with an invalid certificate and can force the application to call the webhook repeatedly, they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47279.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47279.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47279
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47279
2
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47279
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47279
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105860
reference_id 1105860
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105860
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366632
reference_id 2366632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366632
6
reference_url https://github.com/nodejs/undici/issues/3895
reference_id 3895
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T17:51:54Z/
url https://github.com/nodejs/undici/issues/3895
7
reference_url https://github.com/nodejs/undici/pull/4088
reference_id 4088
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T17:51:54Z/
url https://github.com/nodejs/undici/pull/4088
8
reference_url https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
reference_id f317618ec28753a4218beccea048bcf89c36db25
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T17:51:54Z/
url https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
9
reference_url https://github.com/advisories/GHSA-cxrh-j4jr-qwg3
reference_id GHSA-cxrh-j4jr-qwg3
reference_type
scores
url https://github.com/advisories/GHSA-cxrh-j4jr-qwg3
10
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3
reference_id GHSA-cxrh-j4jr-qwg3
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T17:51:54Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3
fixed_packages
0
url pkg:npm/undici@5.29.0
purl pkg:npm/undici@5.29.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-by57-rp7b-1uge
3
vulnerability VCID-cmkj-wegt-q3eb
4
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.29.0
1
url pkg:npm/undici@6.21.2
purl pkg:npm/undici@6.21.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.21.2
2
url pkg:npm/undici@7.5.0
purl pkg:npm/undici@7.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.5.0
aliases CVE-2025-47279, GHSA-cxrh-j4jr-qwg3
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqp9-y5v9-kkht
9
url VCID-t4mv-7pwt-ryau
vulnerability_id VCID-t4mv-7pwt-ryau
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22036.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22036.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22036
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06931
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22036
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125679
reference_id 1125679
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125679
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2429741
reference_id 2429741
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2429741
6
reference_url https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3
reference_id b04e3cbb569c1596f86c108e9b52c79d8475dcb3
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T19:17:52Z/
url https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22036
reference_id CVE-2026-22036
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22036
8
reference_url https://github.com/advisories/GHSA-g9mf-h72j-4rw9
reference_id GHSA-g9mf-h72j-4rw9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g9mf-h72j-4rw9
9
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9
reference_id GHSA-g9mf-h72j-4rw9
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T19:17:52Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9
10
reference_url https://access.redhat.com/errata/RHSA-2026:24841
reference_id RHSA-2026:24841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24841
fixed_packages
0
url pkg:npm/undici@6.23.0
purl pkg:npm/undici@6.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.23.0
1
url pkg:npm/undici@7.18.2
purl pkg:npm/undici@7.18.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-fmxm-x112-gff9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@7.18.2
aliases CVE-2026-22036, GHSA-g9mf-h72j-4rw9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mv-7pwt-ryau
10
url VCID-xyrc-bdam-x7aw
vulnerability_id VCID-xyrc-bdam-x7aw
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30260.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30260.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30260
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41746
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30260
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://hackerone.com/reports/2408074
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/2408074
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
8
reference_url https://security.netapp.com/advisory/ntap-20240905-0008
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0008
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2273522
reference_id 2273522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2273522
10
reference_url https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
reference_id 64e3402da4e032e68de46acb52800c9a06aaea3f
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
11
reference_url https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
reference_id 6805746680d27a5369d7fb67bc05f95a28247d75
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30260
reference_id CVE-2024-30260
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30260
13
reference_url https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
reference_id GHSA-m4v8-wqvr-p9f7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
14
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
reference_id GHSA-m4v8-wqvr-p9f7
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
reference_id HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
reference_id NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
reference_id P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:43:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
18
reference_url https://access.redhat.com/errata/RHSA-2024:6667
reference_id RHSA-2024:6667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6667
fixed_packages
0
url pkg:npm/undici@5.28.4
purl pkg:npm/undici@5.28.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-bb3s-t1q2-uufg
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-rqp9-y5v9-kkht
6
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.4
1
url pkg:npm/undici@6.11.1
purl pkg:npm/undici@6.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-rqp9-y5v9-kkht
7
vulnerability VCID-t4mv-7pwt-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.11.1
aliases CVE-2024-30260, GHSA-m4v8-wqvr-p9f7
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xyrc-bdam-x7aw
11
url VCID-ychy-jj1e-mug1
vulnerability_id VCID-ychy-jj1e-mug1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24758.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24758.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24758
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51551
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24758
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.28.3
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici/releases/tag/v5.28.3
6
reference_url https://github.com/nodejs/undici/releases/tag/v6.6.1
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici/releases/tag/v6.6.1
7
reference_url https://security.netapp.com/advisory/ntap-20240419-0007
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240419-0007
8
reference_url http://www.openwall.com/lists/oss-security/2024/03/11/1
reference_id 1
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:56:27Z/
url http://www.openwall.com/lists/oss-security/2024/03/11/1
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064312
reference_id 1064312
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064312
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2264730
reference_id 2264730
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2264730
11
reference_url https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
reference_id b9da3e40f1f096a06b4caedbb27c2568730434ef
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:56:27Z/
url https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24758
reference_id CVE-2024-24758
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24758
13
reference_url https://github.com/advisories/GHSA-3787-6prv-h9w3
reference_id GHSA-3787-6prv-h9w3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3787-6prv-h9w3
14
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
reference_id GHSA-3787-6prv-h9w3
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:56:27Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
15
reference_url https://security.netapp.com/advisory/ntap-20240419-0007/
reference_id ntap-20240419-0007
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:56:27Z/
url https://security.netapp.com/advisory/ntap-20240419-0007/
fixed_packages
0
url pkg:npm/undici@5.28.3
purl pkg:npm/undici@5.28.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-7pfj-bmxq-eba5
2
vulnerability VCID-bb3s-t1q2-uufg
3
vulnerability VCID-by57-rp7b-1uge
4
vulnerability VCID-cmkj-wegt-q3eb
5
vulnerability VCID-gwng-pdqq-wyeu
6
vulnerability VCID-rqp9-y5v9-kkht
7
vulnerability VCID-t4mv-7pwt-ryau
8
vulnerability VCID-xyrc-bdam-x7aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.3
1
url pkg:npm/undici@6.6.1
purl pkg:npm/undici@6.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gay-kbzx-zkg7
1
vulnerability VCID-5f6z-hep3-8ubw
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-gwng-pdqq-wyeu
7
vulnerability VCID-rqp9-y5v9-kkht
8
vulnerability VCID-t4mv-7pwt-ryau
9
vulnerability VCID-xyrc-bdam-x7aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.6.1
aliases CVE-2024-24758, GHSA-3787-6prv-h9w3
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ychy-jj1e-mug1
12
url VCID-zw17-4s2u-xudq
vulnerability_id VCID-zw17-4s2u-xudq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54133
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
reference_id 2172204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
7
reference_url https://hackerone.com/bugs?report_id=1784449
reference_id bugs?report_id=1784449
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://hackerone.com/bugs?report_id=1784449
8
reference_url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
reference_id f2324e549943f0b0937b09fb1c0c16cc7c93abdf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
9
reference_url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
10
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
11
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
12
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
13
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
14
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
15
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
16
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id v5.19.1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
fixed_packages
0
url pkg:npm/undici@5.19.1
purl pkg:npm/undici@5.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f62-g4w7-sqc5
1
vulnerability VCID-4gay-kbzx-zkg7
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-gwng-pdqq-wyeu
7
vulnerability VCID-rqp9-y5v9-kkht
8
vulnerability VCID-t4mv-7pwt-ryau
9
vulnerability VCID-xyrc-bdam-x7aw
10
vulnerability VCID-ychy-jj1e-mug1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.19.1
aliases CVE-2023-24807, GHSA-r6ch-mqf9-qc9w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zw17-4s2u-xudq
Fixing_vulnerabilities
0
url VCID-2gs9-awyr-v3hf
vulnerability_id VCID-2gs9-awyr-v3hf
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35949.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35949.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35949
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60466
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35949
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895
reference_id 124f7ebf705366b2e1844dff721928d270f87895
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:52Z/
url https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2121068
reference_id 2121068
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2121068
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35949
reference_id CVE-2022-35949
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35949
7
reference_url https://github.com/advisories/GHSA-8qr4-xgw6-wmr3
reference_id GHSA-8qr4-xgw6-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qr4-xgw6-wmr3
8
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
reference_id GHSA-8qr4-xgw6-wmr3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:52Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
9
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
10
reference_url https://github.com/nodejs/undici/releases/tag/v5.8.2
reference_id v5.8.2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:52Z/
url https://github.com/nodejs/undici/releases/tag/v5.8.2
fixed_packages
0
url pkg:npm/undici@5.8.2
purl pkg:npm/undici@5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f62-g4w7-sqc5
1
vulnerability VCID-4gay-kbzx-zkg7
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-gwng-pdqq-wyeu
7
vulnerability VCID-rn1v-ed8c-d3fs
8
vulnerability VCID-rqp9-y5v9-kkht
9
vulnerability VCID-t4mv-7pwt-ryau
10
vulnerability VCID-xyrc-bdam-x7aw
11
vulnerability VCID-ychy-jj1e-mug1
12
vulnerability VCID-zw17-4s2u-xudq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.8.2
aliases CVE-2022-35949, GHSA-8qr4-xgw6-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gs9-awyr-v3hf
1
url VCID-mbht-sbnn-nya8
vulnerability_id VCID-mbht-sbnn-nya8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35948.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35948
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37271
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35948
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2121101
reference_id 2121101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2121101
5
reference_url https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
reference_id 66165d604fd0aee70a93ed5c44ad4cc2df395f80
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:48Z/
url https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35948
reference_id CVE-2022-35948
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35948
7
reference_url https://github.com/advisories/GHSA-f772-66g8-q5h3
reference_id GHSA-f772-66g8-q5h3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f772-66g8-q5h3
8
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
reference_id GHSA-f772-66g8-q5h3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:48Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
9
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
10
reference_url https://github.com/nodejs/undici/releases/tag/v5.8.2
reference_id v5.8.2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:48Z/
url https://github.com/nodejs/undici/releases/tag/v5.8.2
fixed_packages
0
url pkg:npm/undici@5.8.2
purl pkg:npm/undici@5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f62-g4w7-sqc5
1
vulnerability VCID-4gay-kbzx-zkg7
2
vulnerability VCID-7pfj-bmxq-eba5
3
vulnerability VCID-bb3s-t1q2-uufg
4
vulnerability VCID-by57-rp7b-1uge
5
vulnerability VCID-cmkj-wegt-q3eb
6
vulnerability VCID-gwng-pdqq-wyeu
7
vulnerability VCID-rn1v-ed8c-d3fs
8
vulnerability VCID-rqp9-y5v9-kkht
9
vulnerability VCID-t4mv-7pwt-ryau
10
vulnerability VCID-xyrc-bdam-x7aw
11
vulnerability VCID-ychy-jj1e-mug1
12
vulnerability VCID-zw17-4s2u-xudq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.8.2
aliases CVE-2022-35948, GHSA-f772-66g8-q5h3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbht-sbnn-nya8
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.8.2