CVSS 3.1 Score 3.9 of 10 (low)


Published Apr 4, 2024
CWE ID 285


CVE-2024-30260 is a vulnerability in Undici, an HTTP/1.1 client for Node.js. Undici cleared the Authorization and Proxy-Authorization headers for fetch() but did not clear them for undici.request(). The vulnerability has been fixed in Undici versions 5.28.4 and 6.11.1. The risk score for this vulnerability is 5, with a base severity of LOW. Exploitation requires HIGH privileges, and user interaction is REQUIRED. The attack vector is NETWORK, and the impact on integrity and confidentiality is LOW. The exploitability score is 0.5, indicating a moderate level of difficulty to exploit the vulnerability.
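
A check for installed copies of undici older than the fixed releases 5.28.4 and 6.11.1, as an added example that is not code from this page or from the Undici project. The sample lockfile and the package names other than undici are constructed, and treating releases older than 5.x as unfixed is an assumption.

```javascript
// Fixed releases named in the description above, keyed by major version.
const FIXED = { 5: [5, 28, 4], 6: [6, 11, 1] };

// Strict "major.minor.patch" only; pre-release or malformed strings give null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption: releases older than 5.x never received the fix and majors
// newer than 6 include it. Anything unparseable is "unknown" for manual review.
function undiciStatus(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  if (v[0] > 6) return "fixed";
  const floor = FIXED[v[0]] || FIXED[5];
  return compare(v, floor) >= 0 ? "fixed" : "unfixed";
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy of undici, including nested ones.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    findings.push({ path, version: meta.version, status: undiciStatus(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile (hypothetical project, not real data).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/undici": { version: "6.11.1" },
    "node_modules/some-sdk/node_modules/undici": { version: "5.28.3" },
    "node_modules/legacy-client/node_modules/undici": { version: "6.0.0-rc.1" },
    "node_modules/undici-types": { version: "5.26.5" },
  },
};
scanLockfile(sampleLock).forEach((f) => console.log(f.status, f.version, f.path));
```

Nested copies matter here: a transitive dependency can pin its own unfixed undici even when the top-level one is current.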
