MEDIUM 6.5
GHSA-9f24-jqhm-jfcw
fetch(url) leads to a memory leak in undici
Details
### Impact
Calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak.
### Patches
Patched in v6.6.1
### Workarounds
Make sure to always consume the incoming body.
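
The workaround above as an added example (not code from undici or from this advisory): two helpers that never leave a `fetch()` response body unread, one cancelling an unwanted body and one reading a bounded amount before cancelling the rest. The names `statusOnly`, `readTextCapped`, `makeFakeFetch`, `demo` and the `fetchImpl` parameter are hypothetical, and the fake fetch is a constructed stand-in so the block runs offline.

```javascript
// Added example; statusOnly, readTextCapped, makeFakeFetch and fetchImpl are hypothetical names.

// Only the status is needed: cancel the body instead of leaving it unread.
async function statusOnly(url, fetchImpl = fetch) {
  const res = await fetchImpl(url);
  if (res.body) await res.body.cancel();
  return res.status;
}

// Read at most maxBytes of the body, then cancel whatever is left.
async function readTextCapped(url, maxBytes, fetchImpl = fetch) {
  const res = await fetchImpl(url);
  if (!res.body) return { status: res.status, text: '', truncated: false };
  const reader = res.body.getReader();
  const decoder = new TextDecoder();
  let text = '', received = 0, truncated = false;
  try {
    for (;;) {
      const { done, value } = await reader.read();
      if (done) break;
      received += value.byteLength;
      if (received > maxBytes) { truncated = true; break; }
      text += decoder.decode(value, { stream: true });
    }
    text += decoder.decode();
  } finally {
    // No-op if the stream already ended; otherwise releases the rest.
    await reader.cancel().catch(() => {});
  }
  return { status: res.status, text, truncated };
}

// Constructed stand-in for fetch(): streams the given chunks and records cancellation in state.
function makeFakeFetch(chunks, state) {
  const enc = new TextEncoder();
  return async () => new Response(new ReadableStream({
    pull(c) { chunks.length ? c.enqueue(enc.encode(chunks.shift())) : c.close(); },
    cancel() { state.cancelled = true; }
  }), { status: 200 });
}

async function demo() {
  const a = { cancelled: false }, b = { cancelled: false };
  const status = await statusOnly('http://example.invalid/', makeFakeFetch(['x', 'y'], a));
  const capped = await readTextCapped('http://example.invalid/', 11,
    makeFakeFetch(['hello ', 'world', '!!!!', 'tail', 'tail'], b));
  return { status, bodyCancelled: a.cancelled, capped, restCancelled: b.cancelled };
}
demo().then(console.log);
```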
References
- https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2024-24750 [ADVISORY]
- https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663 [WEB]
- https://github.com/nodejs/undici [PACKAGE]
- https://github.com/nodejs/undici/releases/tag/v6.6.1 [WEB]
- https://security.netapp.com/advisory/ntap-20240419-0006 [WEB]