CVE-2024-24750 Information
Description
Undici is an HTTP/1.1 client written from scratch for Node.js. In affected versions, calling fetch(url) and not consuming the incoming body (or consuming it very slowly) leads to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
Reference
https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663