Description
Depending on network and process conditions of a fetch() request, response.arrayBuffer() might include a portion of memory from the Node.js process.
Recommendation
Update the undici package to the latest compatible version. Version details:
- Affected version(s): >= 6.14.0, < 6.19.2
- Patched version(s): 6.19.2
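To check which installed copies of undici fall in the affected range, the following added example (not part of the original advisory or of the undici project) scans a package-lock.json in the lockfileVersion 2/3 layout, including copies nested under other packages. The sample lockfile and the package names in it are constructed, and pre-release suffixes are ignored as a simplifying assumption.

```javascript
// Added example: flag undici copies in a package-lock.json (lockfileVersion 2/3)
// that fall in the advisory's affected range >= 6.14.0, < 6.19.2.
const AFFECTED_FROM = [6, 14, 0]; // inclusive lower bound, from the advisory
const PATCHED = [6, 19, 2];       // exclusive upper bound, from the advisory

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return compare(v, AFFECTED_FROM) >= 0 && compare(v, PATCHED) < 0;
}

// Walk every installed copy, including nested ones under other packages.
function findAffectedUndici(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match ".../node_modules/undici" exactly, not e.g. "undici-types".
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    if (meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/undici": { version: "6.19.2" },
    "node_modules/example-client/node_modules/undici": { version: "6.14.0" },
    "node_modules/example-proxy/node_modules/undici": { version: "5.28.4" },
    "node_modules/undici-types": { version: "6.18.0" },
  },
};
console.log(findAffectedUndici(sampleLock));
```

A nested copy pulled in by another dependency can remain in the affected range even when the top-level undici is already patched, which is why the scan covers every `node_modules/undici` path.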
References
Related Issues
- Server secret was included in static assets and served to clients - Vulnerability
- Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - CVE-2024-30260
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- Trix allows Cross-site Scripting via `javascript:` url in a link - CVE-2025-21610
- Tags:
- npm
- undici
Last updated on August 08, 2024