Node-Fetch Project Node-Fetch vulnerabilities
3 known vulnerabilities affecting node-fetch_project/node-fetch.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-2596MEDIUMCVSS 5.9≥ 3.0.0, < 3.2.102022-08-01
CVE-2022-2596 [MEDIUM] CWE-1333 CVE-2022-2596: Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.
ghsanvdosv
CVE-2022-0235MEDIUMCVSS 6.1fixed in 2.6.7≥ 3.0.0, < 3.1.12022-01-16
CVE-2022-0235 [MEDIUM] CWE-200 CVE-2022-0235: node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
ghsanvdosv
CVE-2020-15168MEDIUMCVSS 5.3fixed in 2.6.1v3.0.02020-09-10
CVE-2020-15168 [MEDIUM] CWE-20 CVE-2020-15168: node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a re
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate
ghsanvdosv