Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Fix CVE–2022–0235 #401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
debricked wants to merge 1 commit into from
Closed

Fix CVE–2022–0235 #401

debricked wants to merge 1 commit into from

Conversation

@debricked
Copy link
Contributor

@debricked debricked bot commented Jul 18, 2022

CVE–2022–0235

Vulnerable dependency:     node-fetch (npm)    3.0.0-beta.9

Vulnerability details

Description

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

NVD

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

GitHub

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

CVSS details - 6.1

 

CVSS3 metrics
Attack Vector Network
Attack Complexity Low
Privileges Required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None
References

    node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · CVE-2022-0235 · GitHub Advisory Database · GitHub
    NVD - CVE-2022-0235
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability found in node-fetch
    3.1.1 release (#1451) · node-fetch/node-fetch@36e47e8 · GitHub
    Create SECURITY.md by JamieSlome · Pull Request #1445 · node-fetch/node-fetch · GitHub
    Potential security issue · Issue #1443 · node-fetch/node-fetch · GitHub
    GitHub - node-fetch/node-fetch: A light-weight module that brings the Fetch API to Node.js
    backport of #1449 by jimmywarting · Pull Request #1453 · node-fetch/node-fetch · GitHub
    fix(Headers): don't forward secure headers to 3th party by jimmywarting · Pull Request #1449 · node-fetch/node-fetch · GitHub
    fix(Headers): don't forward secure headers to 3th party · node-fetch/node-fetch@5c32f00 · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE

 

@ghost
Copy link

ghost commented Jul 18, 2022

👇 Click on the image for a new way to code review

  • Make big changes easier — review code in small groups of related files

  • Know where to start — see the whole change at a glance

  • Take a code tour — explore the change with an interactive tour

  • Make comments and review — all fully sync’ed with github

    Try it now!

Review these changes using an interactive CodeSee Map

Legend

CodeSee Map Legend

@suculent suculent closed this Jan 10, 2023
@suculent suculent deleted the debricked-fix-CVE_2022_0235-69fe76913f679820 branch November 9, 2023 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@suculent
Morty Proxy This is a proxified and sanitized view of the page, visit original site.