CVE-2024-24750

Name of the Vulnerable Software and Affected Versions Undici versions prior to 6.6.1

Description The issue is related to the fetch() function of the Undici HTTP/1.1 client for Node.js, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to cause a denial of service. The problem arises when fetch(url) is called and the incoming body is not consumed or is consumed very slowly, resulting in a memory leak.

Recommendations For versions prior to 6.6.1, upgrade to version 6.6.1 or later to resolve the issue. For users unable to upgrade, make sure to always consume the incoming body when calling fetch(url) to minimize the risk of exploitation.