Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/undici@6.11.1
Typenpm
Namespace
Nameundici
Version6.11.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.23.0
Latest_non_vulnerable_version7.18.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7axr-j2xk-cugt
vulnerability_id VCID-7axr-j2xk-cugt
summary 
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
If an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered.
references
0
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
url https://github.com/nodejs/undici
1
reference_url https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
reference_id
reference_type
scores
url https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
2
reference_url https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
reference_id
reference_type
scores
url https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
3
reference_url https://hackerone.com/reports/2377760
reference_id
reference_type
scores
url https://hackerone.com/reports/2377760
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
7
reference_url https://security.netapp.com/advisory/ntap-20240905-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0008
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30261
reference_id CVE-2024-30261
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-30261
9
reference_url https://github.com/advisories/GHSA-9qxr-qj54-h672
reference_id GHSA-9qxr-qj54-h672
reference_type
scores
url https://github.com/advisories/GHSA-9qxr-qj54-h672
10
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
reference_id GHSA-9qxr-qj54-h672
reference_type
scores
url https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
fixed_packages
0
url pkg:npm/undici@5.28.4
purl pkg:npm/undici@5.28.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.4
1
url pkg:npm/undici@6.11.1
purl pkg:npm/undici@6.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.11.1
aliases CVE-2024-30261, GHSA-9qxr-qj54-h672
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7axr-j2xk-cugt
1
url VCID-kqg3-sar6-b7em
vulnerability_id VCID-kqg3-sar6-b7em
summary 
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`.
references
0
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
url https://github.com/nodejs/undici
1
reference_url https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
reference_id
reference_type
scores
url https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
2
reference_url https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
reference_id
reference_type
scores
url https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
3
reference_url https://hackerone.com/reports/2408074
reference_id
reference_type
scores
url https://hackerone.com/reports/2408074
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
7
reference_url https://security.netapp.com/advisory/ntap-20240905-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0008
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30260
reference_id CVE-2024-30260
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-30260
9
reference_url https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
reference_id GHSA-m4v8-wqvr-p9f7
reference_type
scores
url https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
10
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
reference_id GHSA-m4v8-wqvr-p9f7
reference_type
scores
url https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
fixed_packages
0
url pkg:npm/undici@5.28.4
purl pkg:npm/undici@5.28.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@5.28.4
1
url pkg:npm/undici@6.11.1
purl pkg:npm/undici@6.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/undici@6.11.1
aliases CVE-2024-30260, GHSA-m4v8-wqvr-p9f7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqg3-sar6-b7em
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/undici@6.11.1