124 matches found
CVE-2022-0235
CVE-2022-0235 affects the node-fetch package and is described as a vulnerability that could result in Exposure of Sensitive Information to an Unauthorized Actor. The connected document(s) confirm this CVE ID and provide contextual metrics (e.g., CVSS scores from NVD and related references), but d...
node-fetch 信息泄露漏洞
node-fetch is a lightweight module that brings the Fetch API to Node.js. An information disclosure vulnerability exists in node-fetch, which is vulnerable to the exposure of sensitive information to unauthorized participants...
CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
PT-2022-13054 · Npm +7 · Node-Fetch +7
Name of the Vulnerable Software and Affected Versions: node-fetch versions affected versions not specified Description: The issue concerns exposure of sensitive information to an unauthorized actor. Specifically, node-fetch forwards secure headers such as authorization, www-authenticate, cookie,...
CVE-2022-0235 Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
PT-2022-3647 · Lquixada · Cross-Fetch
Name of the Vulnerable Software and Affected Versions: lquixada/cross-fetch versions prior to 3.1.5 Description: The issue is related to the exposure of private personal information to an unauthorized actor. It is associated with errors in handling files, specifically cookies, in the WHATWG Fetch...
Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.
Summary Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-15168 DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
Denial Of Service (DoS)
node-fetch is vulnerable to denial of service. The size option after following a redirect is not adhered to, which does not result in a FetchError being thrown and the process ending without failure when a content size was over the limit...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
DEBIAN-CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
UBUNTU-CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
Design/Logic Flaw
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168 File size limit bypass in node-fetch
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168
CVE-2020-15168 affects node-fetch: the size option is not honored after redirects, so large content may bypass size checks and trigger DoS risk if data is not size-checked post-fetch. Affects node-fetch before 2.6.1 and 3.0.0-beta.9; upgrade to 2.6.1 or 3.0.0-beta.9 (or later) to remediate. The c...
Denial of Service
Overview Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are...