GHSA-vp56-6g26-6827: node-fetch Inefficient Regular Expression Complexity

node-fetch is a light-weight module that brings window.fetch to node.js.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy() function in referrer.js, when processing a URL string with alternating letters and periods, such as 'http://' + 'a.a.'.repeat(i) + 'a'.

CVE-2022-2596

node-fetch Inefficient Regular Expression Complexity

Moderate severity, GitHub Reviewed. Published Aug 2, 2022; updated Aug 4, 2022.

Package

node-fetch (npm)

Affected versions

>= 3.0.0, < 3.2.10

Related news

CVE-2022-2596: fix: ReDoS referrer (#1611) · node-fetch/node-fetch@2880238

Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.