node-fetch is vulnerable to information disclosure. The vulnerability exists due to the cookie header being leaked to third party site which allows an attacker to gain access to sensitive information.
cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80
huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
lists.debian.org/debian-lts-announce/2022/12/msg00007.html