VYPR
Low severity · NVD Advisory · Published Apr 4, 2024 · Updated Nov 4, 2025

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

CVE-2024-30260

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. On a cross-origin redirect, Undici cleared the Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request(). This vulnerability was patched in versions 5.28.4 and 6.11.1.
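
A caller-side guard for the behaviour described above, as an added example that is not Undici's own code: it drops credential headers when a redirect leaves the origin of the request. The helper name headersForRedirect, the inclusion of Cookie, and the sample URLs and header values are assumptions constructed for illustration.

```javascript
// Headers that carry credentials and must not follow a request to another origin.
// Authorization and Proxy-Authorization are the two named in the advisory;
// Cookie is included as an assumption about what else a caller would scrub.
const CREDENTIAL_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);

// Two URLs share an origin only when scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Hypothetical helper: returns the URL and headers to use for the redirected request.
// `headers` is a plain object; `location` is the raw Location header value,
// which may be relative and is resolved against the URL just requested.
function headersForRedirect(headers, requestUrl, location) {
  const target = new URL(location, requestUrl).href;
  if (sameOrigin(requestUrl, target)) {
    return { url: target, headers: { ...headers } };
  }
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!CREDENTIAL_HEADERS.has(name.toLowerCase())) kept[name] = value;
  }
  return { url: target, headers: kept };
}

// Constructed sample input (not real credentials).
const sent = {
  'Proxy-Authorization': 'Basic ZXhhbXBsZTpleGFtcGxl',
  AUTHORIZATION: 'Bearer constructed-token',
  Accept: 'application/json',
};
const origin = 'https://api.example.test/v1/item';

// Redirect to a different host: both credential headers are dropped.
const cross = headersForRedirect(sent, origin, 'https://cdn.example.net/item');
// Relative redirect on the same origin: headers are kept unchanged.
const same = headersForRedirect(sent, origin, '/v2/item');
// Same host but a different port is still a different origin.
const otherPort = headersForRedirect(sent, origin, 'https://api.example.test:8443/v1/item');

console.log(cross.headers, same.headers, otherPort.headers);
```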


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| undici (npm) | < 5.28.4 | 5.28.4 |
| undici (npm) | >= 6.0.0, < 6.11.1 | 6.11.1 |
