CVE-2024-24758 Information

Description

Undici is an HTTP/1.1 client written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
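The redirect behaviour described above, as an added example that is not undici's own code: a minimal model of header handling on redirect, with the pre-patch rule (only `Authorization` cleared) beside the corrected rule. All function and constant names, URLs and header values are hypothetical and constructed for illustration; `Proxy-Authorization` is the standard HTTP request header that carries proxy credentials.

```javascript
// Added illustration, not undici's implementation. All names are hypothetical.
const CLEARED_BEFORE_FIX = new Set(['authorization']);
const CLEARED_AFTER_FIX = new Set(['authorization', 'proxy-authorization']);

// Constructed sample request headers (values are placeholders).
const SAMPLE_HEADERS = {
  'Authorization': 'Bearer constructed-token',
  'Proxy-Authorization': 'Basic Y29uc3RydWN0ZWQ6dmFsdWU=',
  'Accept': 'application/json',
};

// Origin = scheme + host + port; any difference makes the redirect cross-origin.
function isCrossOrigin(fromUrl, location) {
  const target = new URL(location, fromUrl); // resolves relative Location values
  return new URL(fromUrl).origin !== target.origin;
}

// Headers that would be sent on the redirected request under a given rule set.
function headersForRedirect(headers, fromUrl, location, cleared) {
  if (!isCrossOrigin(fromUrl, location)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!cleared.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Names of credential headers that still reach a different origin.
function leakedCredentials(headers, fromUrl, location, cleared) {
  if (!isCrossOrigin(fromUrl, location)) return [];
  const sent = headersForRedirect(headers, fromUrl, location, cleared);
  return Object.keys(sent)
    .map((name) => name.toLowerCase())
    .filter((name) => CLEARED_AFTER_FIX.has(name));
}

const FROM = 'https://api.example.test/v1/resource';
const CROSS = 'https://other.example.test/landing';
console.log('before fix:', leakedCredentials(SAMPLE_HEADERS, FROM, CROSS, CLEARED_BEFORE_FIX));
console.log('after fix: ', leakedCredentials(SAMPLE_HEADERS, FROM, CROSS, CLEARED_AFTER_FIX));
```

The same check works as a regression test for any client wrapper that follows redirects itself instead of relying on a patched undici release.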

Reference

https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
