Summary
| Detail | |||
|---|---|---|---|
| Vendor | Node-Fetch Project | First view | 2020-09-10 |
| Product | Node-Fetch | Last view | 2022-08-01 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.9 | 2022-08-01 | CVE-2022-2596 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
| 6.1 | 2022-01-16 | CVE-2022-0235 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| 5.3 | 2020-09-10 | CVE-2020-15168 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
