Low severity 2.0 · OSV Advisory · Published Jul 8, 2024 · Updated Apr 15, 2026
CVE-2024-38372
Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on the network and process conditions of a fetch() request, response.arrayBuffer() might include a portion of memory from the Node.js process. This has been patched in v6.19.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| undici (npm) | >= 6.14.0, < 6.19.2 | 6.19.2 |
References
- github.com/advisories/GHSA-3g92-w8c5-73pq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-38372 (ghsa, ADVISORY)
- github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 (nvd, WEB)
- github.com/nodejs/undici/issues/3328 (nvd, WEB)
- github.com/nodejs/undici/issues/3337 (nvd, WEB)
- github.com/nodejs/undici/pull/3338 (nvd, WEB)
- github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq (nvd, WEB)
- security.netapp.com/advisory/ntap-20240828-0009/ (nvd)