HIGH 8.8 npm
node-fetch forwards secure headers to untrusted sites
GHSA-r683-j2x4-v87g · CVE-2022-0235
Description
node-fetch forwards sensitive request headers (authorization, www-authenticate, cookie and cookie2) when it follows a redirect to an untrusted site, so credentials intended for the original host are disclosed to whatever host the redirect points at.
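The following is an added example written for this page, not node-fetch's own code or its patch. It shows the mitigation the advisory implies: a redirect-following wrapper that drops the four credential-bearing headers named above whenever a redirect leaves the origin of the original request. The transport is injected and faked so the example runs offline; the hostnames api.example.com and attacker.example.net, the function names, and the same-origin policy (stricter than a same-domain-or-subdomain rule) are this example's assumptions.

```javascript
// Added example for this advisory page; illustrative, not node-fetch's code.
// Headers are plain objects here (assumption); header names are case-insensitive.

const SENSITIVE_HEADERS = ["authorization", "www-authenticate", "cookie", "cookie2"];

// Policy chosen for this example: credentials follow a redirect only when
// scheme, host and port are unchanged. Any https->http downgrade or host
// change strips them.
function sameOrigin(fromUrl, toUrl) {
  const a = new URL(fromUrl);
  const b = new URL(toUrl);
  return a.protocol === b.protocol && a.host === b.host;
}

// Headers to send to `toUrl`, given a request that went to `fromUrl`.
function headersForRedirect(fromUrl, toUrl, headers) {
  const keepCredentials = sameOrigin(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!keepCredentials && SENSITIVE_HEADERS.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Follow redirects by hand: ask the transport not to follow them, then re-issue
// the request with a filtered header set. Returns the final response, the hops
// taken and the headers actually sent on the last hop.
async function fetchWithSafeRedirects(fetchImpl, url, init = {}, maxRedirects = 5) {
  let current = url;
  let headers = { ...(init.headers || {}) };
  const hops = [url];
  for (let i = 0; ; i++) {
    const res = await fetchImpl(current, { ...init, headers, redirect: "manual" });
    const location = res.headers.get("location");
    if (![301, 302, 303, 307, 308].includes(res.status) || !location) {
      return { response: res, hops, headersSent: headers };
    }
    if (i >= maxRedirects) throw new Error("too many redirects");
    // Per the Fetch spec, 303 (and 301/302 for POST) becomes a body-less GET.
    if (res.status === 303 || ((res.status === 301 || res.status === 302) && init.method === "POST")) {
      init = { ...init, method: "GET", body: undefined };
    }
    const next = new URL(location, current).toString();
    headers = headersForRedirect(current, next, headers);
    current = next;
    hops.push(next);
  }
}

// Constructed fake transport standing in for the network: the API host
// redirects to an attacker-controlled host, and every request is logged so we
// can see exactly which headers each host received.
function makeFakeFetch(log) {
  return async (url, init) => {
    const u = new URL(url);
    log.push({ host: u.host, headers: { ...init.headers } });
    if (u.host === "api.example.com") {
      return { status: 302, headers: new Map([["location", "https://attacker.example.net/collect"]]) };
    }
    return { status: 200, headers: new Map() };
  };
}

// Walks the constructed scenario and reports what the attacker's host saw.
async function demo() {
  const received = [];
  const result = await fetchWithSafeRedirects(makeFakeFetch(received), "https://api.example.com/me", {
    headers: { Authorization: "Bearer s3cr3t", Cookie: "sid=1", Accept: "application/json" },
  });
  return { hops: result.hops, attackerSaw: received[1].headers };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

With the vulnerable behaviour the attacker's host would receive the Authorization and Cookie values; with the wrapper it receives only Accept. The same filter is what a caller can apply today if it must keep `redirect: "follow"` semantics on an unpatched client: switch to `redirect: "manual"` and re-issue the request itself.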
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-0235
- WEB https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
- WEB https://github.com/node-fetch/node-fetch/pull/1453
- WEB https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35
- WEB https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
- WEB https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
- WEB https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- PACKAGE https://github.com/node-fetch/node-fetch
- WEB https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
- WEB https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html