node-fetch 信息泄露漏洞

🗓️ 16 Jan 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

node-fetch information disclosure vulnerability exposes sensitive data to unauthorized parties.

Reporter	Title	Published	Views	Family All 131
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components	28 Mar 202415:34	–	ibm
IBM Security Bulletins	Security Bulletin:Multiple Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2020-15168, CVE-2022-0235)	5 Sep 202312:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation	14 Apr 202215:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022	29 Apr 202210:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)	12 Mar 202201:27	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager	15 May 202312:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-0235	4 Nov 202218:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js (CVE-2022-0235,CVE-2020-15168)	17 May 202319:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1	26 Mar 202502:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-0235)	16 Mar 202212:15	–	ibm

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
huntr	www.huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
lists	www.lists.debian.org/debian-lts-announce/2022/12/msg00007.html
github	www.github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
auscert	www.auscert.org.au/bulletins/ESB-2022.3977
auscert	www.auscert.org.au/bulletins/ESB-2022.2427
packetstormsecurity	www.packetstormsecurity.com/files/166983/Red-Hat-Security-Advisory-2022-1739-01.html
packetstormsecurity	www.packetstormsecurity.com/files/170429/Red-Hat-Security-Advisory-2023-0050-01.html
packetstormsecurity	www.packetstormsecurity.com/files/169935/Red-Hat-Security-Advisory-2022-8524-01.html
auscert	www.auscert.org.au/bulletins/ESB-2023.0115

23 May 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 25.8

CVSS 3.16.1

CVSS 38.8

EPSS0.0029

node fetch information disclosure sensitive data unauthorized access