VYPR
Low severity2.0OSV Advisory· Published Jul 8, 2024· Updated Apr 15, 2026

CVE-2024-38372

CVE-2024-38372

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch() request, response.arrayBuffer() might include portion of memory from the Node.js process. This has been patched in v6.19.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
undicinpm
>= 6.14.0, < 6.19.26.19.2

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.