Alert IDs:
- 14843872-3b58-4168-904b-68085d3a2daf
- 413805c6-502d-49e1-803f-57bbd61c6e21
Vulnerabilities in node-fetch
Release: 1.0.125
Total Vulnerabilities: 2
1. CVE-2022-0235
Severity: MEDIUM (Score: 6.1)
Description:
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-0235
Alert ID: 14843872-3b58-4168-904b-68085d3a2daf
2. CVE-2020-15168
Severity: MEDIUM (Score: 5.3)
Description:
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: if you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15168
Alert ID: 413805c6-502d-49e1-803f-57bbd61c6e21