New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #19326
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This needs a MUI v5 bump to get rid of the |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Affecting Packages/Plugins
Overview
node-fetch is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a
Location
response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.Remediation
Upgrade
node-fetch
to version 2.6.7, 3.1.1 or higher.References
The text was updated successfully, but these errors were encountered: