CVE-2024-24750

Uncontrolled Resource Consumption in npm/undici

Identifiers

GHSA-9f24-jqhm-jfcw, CVE-2024-24750

Package Slug

npm/undici

Vulnerability

Uncontrolled Resource Consumption

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions, calling fetch(url) and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.

Affected Versions

All versions starting from 6.0.0 up to 6.6.0

Solution

Upgrade to version 6.6.1 or above.
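
For code that cannot upgrade yet, the workaround from the description can be applied as below: a status-only request that still reads the body to the end, plus a check of a version string against the affected range. This is an added example, not code from the advisory or the undici project; the names isAffectedUndici, drainBody and fetchStatus are hypothetical, and fetchImpl is assumed to be undici's fetch (it defaults to the global fetch).

```javascript
// Added example; function names are hypothetical, not part of undici.

// Affected range per the advisory: 6.0.0 up to and including 6.6.0.
function isAffectedUndici(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new TypeError(`expected MAJOR.MINOR.PATCH, got: ${version}`);
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major !== 6) return false;
  return minor < 6 || (minor === 6 && patch === 0);
}

// Read the body to the end and discard it. Returns the number of bytes read.
async function drainBody(response) {
  // No body (e.g. 204) or already consumed by the caller: nothing left to read.
  if (!response.body || response.bodyUsed) return 0;
  let bytes = 0;
  for await (const chunk of response.body) bytes += chunk.byteLength;
  return bytes;
}

// Status-only check: the body is never needed, which is the case where
// consuming it is most easily forgotten. `finally` guarantees the drain
// even if the code in `try` throws.
async function fetchStatus(url, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(url);
  try {
    return response.status;
  } finally {
    await drainBody(response);
  }
}
```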

Last Modified

2024-02-19
