View all vulnerabilities

CVE-2022-0235

node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as `authorization`, `www-authenticate`, `cookie`, & `cookie2` when redirecting to a untrusted site.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
8.7
Score Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Versions
node-fetch >= 3.0.0 < 3.1.1; node-fetch < 2.6.7
Severity
High
Ecosystem
JavaScript
Publish Date
January 21, 2022
Modified Date
November 7, 2023