Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #19326
Labels
Comments
github-actions
bot
added
help wanted
5 tasks
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This needs a MUI v5 bump to get rid of the |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Affecting Packages/Plugins
Overview
node-fetch is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a
Locationresponse header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.Remediation
Upgrade
node-fetchto version 2.6.7, 3.1.1 or higher.References
The text was updated successfully, but these errors were encountered: