CVE-2024-30261

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

Related Vulnerabilities

CVE-2016-4874

LOW
CVSS:3.5(Low)

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

CWE-2842016

CVE-2020-3126

LOW
CVSS:3.5(Low)

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security wa...

CWE-2842020

CVE-2021-22567

LOW
CVSS:3.5(Low)

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker...

CWE-2842021

CVE-2022-39860

LOW
CVSS:3.5(Low)

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

CWE-2842022

CVE-2023-28845

LOW
CVSS:3.5(Low)

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use th...

CWE-2842023

CVE-2023-49098

LOW
CVSS:3.5(Low)

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CWE-2842023