vulnerability
Oracle Linux: CVE-2022-0235: ELSA-2023-0050: nodejs:14 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:C/I:N/A:N) | Jan 14, 2022 | Jan 10, 2023 | Jan 8, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published
Jan 14, 2022
Added
Jan 10, 2023
Modified
Jan 8, 2025
Description
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.
Solution(s)
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.