124 matches found
Ubuntu: Security Advisory (USN-6158-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-6158-1 node-fetch vulnerability
It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information...
USN-6158-1: Node Fetch vulnerability
It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information...
Ubuntu 18.04 ESM / 20.04 LTS : Node Fetch vulnerability (USN-6158-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6158-1 advisory. It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url wi...
Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-15168 DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By...
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
SUSE CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
SUSE CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
SUSE CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0612 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
RHEL 8 : nodejs:14 (RHSA-2023:0050)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0050 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: nodejs:14 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...
[SECURITY] [DLA 3222-1] node-fetch security update
Debian LTS Advisory DLA-3222-1 https://www.debian.org/lts/security/ Guilhem Moulin December 05, 2022 https://wiki.debian.org/LTS Package : node-fetch Version : 1.7.3-1+deb10u1 CVE ID : CVE-2022-0235 ranjit-git discovered an information leak vulnerability in node-fetch,...
DLA-3222-1 node-fetch - security update
Bulletin has no description...
Debian dla-3222 : node-fetch - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3222 advisory. Debian LTS Advisory DLA-3222-1 https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3222-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...