Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #18087

github-actions · 2023-06-02T08:10:40Z

Affecting Packages/Plugins

@backstage/plugin-graphql-voyager

Overview

node-fetch is a light-weight module that brings window.fetch to node.js

Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.

Remediation

Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.

References

The text was updated successfully, but these errors were encountered:

github-actions · 2023-08-01T08:18:20Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions bot added help wanted Help/Contributions wanted from community members snyk-vulnerability labels Jun 2, 2023

github-actions bot added the stale label Aug 1, 2023

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #18087

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #18087

github-actions bot commented Jun 2, 2023

github-actions bot commented Aug 1, 2023

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #18087

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #18087

Comments

github-actions bot commented Jun 2, 2023

Affecting Packages/Plugins

Overview

Remediation

References

github-actions bot commented Aug 1, 2023