Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Exploitability
AV:NAC:HPR:LUI:RScope
S:UImpact
C:NI:LA:N2.6/CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:NConfiguration