{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:26:06.772","vulnerabilities":[{"cve":{"id":"CVE-2025-47279","sourceIdentifier":"security-advisories@github.com","published":"2025-05-15T18:15:38.027","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaound, avoid calling a webhook repeatedly if the webhook fails."},{"lang":"es","value":"Undici es un cliente HTTP/1.1 para Node.js. En versiones anteriores a la 5.29.0, 6.21.2 y 7.5.0, las aplicaciones que usan undici para implementar un sistema similar a un webhook son vulnerables. Si el atacante configura un servidor con un certificado no válido y logra forzar la aplicación a llamar al webhook repetidamente, puede causar una fuga de memoria. Esto se ha corregido en las versiones 5.29.0, 6.21.2 y 7.5.0. Como solución alternativa, evite llamar a un webhook repetidamente si este falla."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25","source":"security-advisories@github.com"},{"url":"https://github.com/nodejs/undici/issues/3895","source":"security-advisories@github.com"},{"url":"https://github.com/nodejs/undici/pull/4088","source":"security-advisories@github.com"},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3","source":"security-advisories@github.com"}]}}]}