Lucene search
K

129 matches found

UbuntuCve
UbuntuCve
added 2022/01/16 5:15 p.m.79 views

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS6.9AI score0.01646EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/01/16 5:15 p.m.3 views

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS6.9AI score0.01646EPSS
Exploits1References5
OSV
OSV
added 2022/01/16 5:15 p.m.5 views

UBUNTU-CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS6.9AI score0.01646EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/01/16 12:0 a.m.21 views

CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS7.9AI score0.01646EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/01/16 12:0 a.m.62 views

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS7.7AI score0.01646EPSS
Exploits1
CNNVD
CNNVD
added 2022/01/16 12:0 a.m.3 views

node-fetch 信息泄露漏洞

node-fetch is a lightweight module that brings the Fetch API to Node.js. An information disclosure vulnerability exists in node-fetch, which is vulnerable to the exposure of sensitive information to unauthorized participants...

8.8CVSS7.1AI score0.01646EPSS
Exploits1References34
Positive Technologies
Positive Technologies
added 2022/01/16 12:0 a.m.5 views

PT-2022-13054

Name of the Vulnerable Software and Affected Versions node-fetch versions affected versions not specified Description The issue concerns exposure of sensitive information to an unauthorized actor. Specifically, node-fetch forwards secure headers such as authorization, www-authenticate, cookie, an...

8.8CVSS6.5AI score0.01646EPSS
Exploits1References78
CVE
CVE
added 2022/01/16 12:0 a.m.784 views

CVE-2022-0235

CVE-2022-0235 affects the node-fetch package and is described as a vulnerability that could result in Exposure of Sensitive Information to an Unauthorized Actor. The connected document(s) confirm this CVE ID and provide contextual metrics (e.g., CVSS scores from NVD and related references), but d...

8.8CVSS7.7AI score0.01646EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/01/16 12:0 a.m.28 views

CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS7.3AI score0.01646EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.5 views

PT-2022-3647 · Lquixada · Cross-Fetch

Name of the Vulnerable Software and Affected Versions: lquixada/cross-fetch versions prior to 3.1.5 Description: The issue is related to the exposure of private personal information to an unauthorized actor. It is associated with errors in handling files, specifically cookies, in the WHATWG Fetch...

10CVSS7.3AI score0.01153EPSS
Exploits1References11
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.6 views

The vulnerability of the node-fetch library in the Aurora Center’s application software, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the node-fetch library in Aurora Application Software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to deny services through a specially crafted regular expression...

5.3CVSS6.6AI score0.01692EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.6 views

The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Center involves uncontrolled changes to prototype attributes of objects. This allows attackers to execute a “prototype pollution” attack.

The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Software is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...

7.5CVSS7.3AI score0.03162EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 6:35 p.m.50 views

Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

Summary Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-15168 DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor...

5.3CVSS0.7AI score0.01692EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2020/09/24 10:46 a.m.37 views

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS0.4AI score0.01692EPSS
Exploits0References3
Veracode
Veracode
added 2020/09/11 3:20 a.m.26 views

Denial Of Service (DoS)

node-fetch is vulnerable to denial of service. The size option after following a redirect is not adhered to, which does not result in a FetchError being thrown and the process ending without failure when a content size was over the limit...

5.3CVSS2.4AI score0.01692EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/09/10 7:15 p.m.22 views

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS0.01692EPSS
Exploits0References2
OSV
OSV
added 2020/09/10 7:15 p.m.26 views

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS5.2AI score
Exploits0References2
OSV
OSV
added 2020/09/10 7:15 p.m.1 views

DEBIAN-CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS6.6AI score0.01692EPSS
Exploits0References1
Prion
Prion
added 2020/09/10 7:15 p.m.28 views

Design/Logic Flaw

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5CVSS6.1AI score0.01692EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/10 7:15 p.m.1 views

UBUNTU-CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS6.8AI score0.01692EPSS
Exploits0References4
Rows per page
Query Builder