CVE-2024-38372

Publication date 8 July 2024

Last updated 24 July 2024


Ubuntu priority

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.

Status

Package Ubuntu Release Status
node-undici 24.10 oracular
Needs evaluation
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy Not in release
20.04 LTS focal Not in release