vulnerability

Amazon Linux 2023: CVE-2024-30261: Important priority package update for nodejs20 (Multiple Advisories)

Try Surface Command
Back to search
Severity
2
CVSS
(AV:N/AC:H/Au:S/C:N/I:P/A:N)
Published
Apr 4, 2024
Added
Dec 4, 2025
Modified
Dec 4, 2025

Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.

Solutions

amazon-linux-2023-upgrade-nodejsamazon-linux-2023-upgrade-nodejs20amazon-linux-2023-upgrade-nodejs20-debuginfoamazon-linux-2023-upgrade-nodejs20-debugsourceamazon-linux-2023-upgrade-nodejs20-develamazon-linux-2023-upgrade-nodejs20-docsamazon-linux-2023-upgrade-nodejs20-full-i18namazon-linux-2023-upgrade-nodejs20-libsamazon-linux-2023-upgrade-nodejs20-libs-debuginfoamazon-linux-2023-upgrade-nodejs20-npmamazon-linux-2023-upgrade-nodejs-debuginfoamazon-linux-2023-upgrade-nodejs-debugsourceamazon-linux-2023-upgrade-nodejs-develamazon-linux-2023-upgrade-nodejs-docsamazon-linux-2023-upgrade-nodejs-full-i18namazon-linux-2023-upgrade-nodejs-libsamazon-linux-2023-upgrade-nodejs-libs-debuginfoamazon-linux-2023-upgrade-nodejs-npmamazon-linux-2023-upgrade-v8-10-2-develamazon-linux-2023-upgrade-v8-11-3-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today