Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-0235

Good to know:

icon
icon

Date: January 15, 2022

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Language: JS

Severity Score

Related Resources (13)

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://access.redhat.com/security/cve/CVE-2022-0235
https://security-tracker.debian.org/tracker/CVE-2022-0235
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
https://github.com/node-fetch/node-fetch/pull/1453
https://nvd.nist.gov/vuln/detail/CVE-2022-0235
https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html
https://github.com/node-fetch/node-fetch
https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35
https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
https://www.mend.io/vulnerability-database/CVE-2022-0235

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Improper Handling of Alternate Encoding

CWE-173

Top Fix

icon

Upgrade Version

Upgrade to version node-fetch - 2.6.7;node-fetch - 3.1.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us