node-fetch — CVE history (npm)
node-fetch
3 CVEs affect the node-fetch npm package (highest CVSS 6.1). Latest disclosed: 2022-08-01. Full CVE history sourced from NVD.
Summary
- Package
node-fetch(npm)- Total CVEs
3- Actively exploited (CISA KEV)
- 0
- Highest CVSS
6.1- Latest disclosed
- 2022-08-01
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-2596 | Medium | 5.9 | — | 2022-08-01 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
CVE-2022-0235 | Medium | 6.1 | — | 2022-01-16 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
CVE-2020-15168 | Low | 2.6 | — | 2020-09-10 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without fail… |
All-time worst (top 3 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-0235 | Medium | 6.1 | — | 2022-01-16 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
CVE-2022-2596 | Medium | 5.9 | — | 2022-08-01 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
CVE-2020-15168 | Low | 2.6 | — | 2020-09-10 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without fail… |