CVE-2022-2596: fix: ReDoS referrer (#1611) · node-fetch/node-fetch@2880238

Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.


fix: ReDoS referrer (#1611)

* fix ReDoS referrer

* Update src/utils/referrer.js

Eliminate regex and use string matcher

Co-authored-by: Linus Unnebäck [email protected]

Co-authored-by: Khang. Võ Vĩ [email protected]

3 people committed

Jul 31, 2022

1 parent e87b093 commit 28802387292baee467e042e168d92597b5bbbe3d

Related news

GHSA-vp56-6g26-6827: node-fetch Inefficient Regular Expression Complexity

[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.
