124 matches found
CVE-2022-2596
CVE-2022-2596 affects node-fetch/node-fetch prior to 3.2.10, where an inefficient regular expression can lead to denial of service. The root cause is a ReDoS in isOriginPotentiallyTrustworthy() within referrer.js. Public advisories (GitHub GHSA) confirm the vulnerability and indicate the fix is t...
node-fetch Resource Management Error Vulnerability
node-fetch is a lightweight module that brings the Fetch API to Node.js. A resource management error vulnerability exists in node-fetch/node-fetch, which stems from a denial of service in the GitHub repository node-fetch/node-fetch in versions prior to 3.2.10...
PT-2022-17618 · Unknown · Node-Fetch
Name of the Vulnerable Software and Affected Versions: node-fetch versions prior to 3.2.10. Description: The issue is related to Inefficient Regular Expression Complexity, which can lead to a Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy function. This occurs whe...
MAL-2022-3991 Malicious code in iv-node-fetch (npm)
Source: ghsa-malware 7d22d43dc3fae73889f4b570379c506d709ce7f2d3602149f92e1c15176125cf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in iv-node-fetch (npm)
Source: ghsa-malware 7d22d43dc3fae73889f4b570379c506d709ce7f2d3602149f92e1c15176125cf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2022-0235
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:1466-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1466-1 advisory. - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc1198247). - CVE-2021-44907: Fixed a potential Denial of Service...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch
Description: The Authorization header leaks on a same-hostname HTTPS-to-HTTP redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...
GHSA-R683-J2X4-V87G node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site...
4i18n-cli (>=0.0.2 <=0.0.7), @acneidert/devtools (=0.0.6) +60 more potentially affected by CVE-2022-0235 via node-fetch (>=3.0.0 <=3.1.0)
node-fetch NPM version =3.0.0, =0.0.2, =1.273.2, =1.0.0, =2.14.0, =2.1.0, =0.0.83, =1.0.0, =1.0.0, =0.0.3, =19.7.0, =6.2.0, =0.0.1, =4.1.1, =4.1.2 and more Source cves: CVE-2022-0235 Source advisory: OSV:GHSA-R683-J2X4-V87G...
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site...
Information Disclosure
node-fetch is vulnerable to information disclosure. The vulnerability exists because the cookie header is leaked to a third-party site, which allows an attacker to gain access to sensitive information...
DEBIAN-CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...
UBUNTU-CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...