VYPR

npm package

node-fetch

pkg:npm/node-fetch

Vulnerabilities (3)

  • CVE-2022-2596Aug 1, 2022
    affected >= 3.0.0, < 3.2.10fixed 3.2.10

    Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

  • CVE-2022-0235Jan 16, 2022
    affected >= 3.0.0, < 3.1.1fixed 3.1.1

    node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2020-15168Sep 10, 2020
    affected >= 2.0.0, < 2.6.1fixed 2.6.1

    node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have