npm package
node-fetch
pkg:npm/node-fetch
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2596 | — | >= 3.0.0, < 3.2.10 | 3.2.10 | Aug 1, 2022 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | ||
| CVE-2022-0235 | — | >= 3.0.0, < 3.1.1 | 3.1.1 | Jan 16, 2022 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2020-15168 | — | >= 2.0.0, < 2.6.1 | 2.6.1 | Sep 10, 2020 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have |
- CVE-2022-2596Aug 1, 2022affected >= 3.0.0, < 3.2.10fixed 3.2.10
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.
- CVE-2022-0235Jan 16, 2022affected >= 3.0.0, < 3.1.1fixed 3.1.1
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
- CVE-2020-15168Sep 10, 2020affected >= 2.0.0, < 2.6.1fixed 2.6.1
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have