Описание
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
node-fetch | fixed | 2.6.1-7 | package | |
node-fetch | fixed | 2.6.1-5+deb11u1 | bullseye | package |
Примечания
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
EPSS
Процентиль: 67%
0.00556
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 3 лет назад
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVSS3: 6.1
redhat
больше 3 лет назад
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVSS3: 6.1
nvd
больше 3 лет назад
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVSS3: 8.8
github
больше 3 лет назад
node-fetch forwards secure headers to untrusted sites
EPSS
Процентиль: 67%
0.00556
Низкий