4369 matches found
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
DEBIAN-CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
UBUNTU-CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
CVE-2022-0235 affects the node-fetch package and is described as a vulnerability that could result in Exposure of Sensitive Information to an Unauthorized Actor. The connected document(s) confirm this CVE ID and provide contextual metrics (e.g., CVSS scores from NVD and related references), but d...
node-fetch 信息泄露漏洞
node-fetch is a lightweight module that brings the Fetch API to Node.js. An information disclosure vulnerability exists in node-fetch, which is vulnerable to the exposure of sensitive information to unauthorized participants...
PT-2022-13054
Name of the Vulnerable Software and Affected Versions node-fetch versions affected versions not specified Description The issue concerns exposure of sensitive information to an unauthorized actor. Specifically, node-fetch forwards secure headers such as authorization, www-authenticate, cookie, an...
CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
Code injection
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
CVE-2022-22156
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle PitM attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...
Information Disclosure
follow-redirects is vulnerable to information disclosure. The cookie is exposed when the system is fetching a remote url with the redirect...
The vulnerability of the Google Chrome browser’s Background Fetch API programming interface, related to the disclosure of information in the erroneous data area, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Background Fetch API programming interface in Google Chrome browsers is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Google Chrome browser’s Background Fetch API interface, related to the disclosure of information in the erroneous data area, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Background Fetch API programming interface in Google Chrome browsers is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
in lquixada/cross-fetch
BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...
PT-2022-3647 · Lquixada · Cross-Fetch
Name of the Vulnerable Software and Affected Versions: lquixada/cross-fetch versions prior to 3.1.5 Description: The issue is related to the exposure of private personal information to an unauthorized actor. It is associated with errors in handling files, specifically cookies, in the WHATWG Fetch...
IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
The plugin does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. Make an admin open a page with the following code in it, whi...