Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #23038

github-actions · 2024-02-17T16:17:23Z

Affecting Packages/Plugins

@backstage/plugin-graphql-voyager

Overview

node-fetch is a light-weight module that brings window.fetch to node.js

Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.

Remediation

Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.

References

The text was updated successfully, but these errors were encountered:

github-actions · 2024-04-17T16:22:58Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions bot added help wanted Help/Contributions wanted from community members snyk-vulnerability labels Feb 17, 2024

github-actions bot added the stale label Apr 17, 2024

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #23038

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #23038

github-actions bot commented Feb 17, 2024

github-actions bot commented Apr 17, 2024

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #23038

Snyk vulnerability [SNYK-JS-NODEFETCH-2342118] #23038

Comments

github-actions bot commented Feb 17, 2024

Affecting Packages/Plugins

Overview

Remediation

References

github-actions bot commented Apr 17, 2024