Moderate severityNVD Advisory· Published Apr 15, 2022· Updated Aug 3, 2024
Exposure of Private Personal Information to an Unauthorized Actor in lquixada/cross-fetch
CVE-2022-1365
Description
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cross-fetchnpm | >= 3.0.0, < 3.1.5 | 3.1.5 |
cross-fetchnpm | < 2.2.6 | 2.2.6 |
Affected products
2- lquixada/lquixada/cross-fetchv5Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-7gc6-qh9x-w6h8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1365ghsaADVISORY
- github.com/lquixada/cross-fetch/commit/a3b3a9481091ddd06b8f83784ba9c4e034dc912aghsax_refsource_MISCWEB
- github.com/lquixada/cross-fetch/pull/135ghsaWEB
- huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264acghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.