ALAS-2024-694

NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ (CVE-2024-27982)

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. (CVE-2024-30260)

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. (CVE-2024-30261)

aarch64:
    nodejs-libs-debuginfo-18.20.2-1.amzn2023.0.1.aarch64
    nodejs-full-i18n-18.20.2-1.amzn2023.0.1.aarch64
    nodejs-libs-18.20.2-1.amzn2023.0.1.aarch64
    nodejs-devel-18.20.2-1.amzn2023.0.1.aarch64
    nodejs-debuginfo-18.20.2-1.amzn2023.0.1.aarch64
    v8-10.2-devel-10.2.154.26-1.18.20.2.1.amzn2023.0.1.aarch64
    nodejs-18.20.2-1.amzn2023.0.1.aarch64
    nodejs-npm-10.5.0-1.18.20.2.1.amzn2023.0.1.aarch64
    nodejs-debugsource-18.20.2-1.amzn2023.0.1.aarch64

noarch:
    nodejs-docs-18.20.2-1.amzn2023.0.1.noarch

src:
    nodejs-18.20.2-1.amzn2023.0.1.src

x86_64:
    nodejs-libs-debuginfo-18.20.2-1.amzn2023.0.1.x86_64
    nodejs-debuginfo-18.20.2-1.amzn2023.0.1.x86_64
    nodejs-full-i18n-18.20.2-1.amzn2023.0.1.x86_64
    v8-10.2-devel-10.2.154.26-1.18.20.2.1.amzn2023.0.1.x86_64
    nodejs-devel-18.20.2-1.amzn2023.0.1.x86_64
    nodejs-libs-18.20.2-1.amzn2023.0.1.x86_64
    nodejs-18.20.2-1.amzn2023.0.1.x86_64
    nodejs-npm-10.5.0-1.18.20.2.1.amzn2023.0.1.x86_64
    nodejs-debugsource-18.20.2-1.amzn2023.0.1.x86_64