You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
node-fetch is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.
Remediation
Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.
Affecting Packages/Plugins
Overview
node-fetch is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a
Location
response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.Remediation
Upgrade
node-fetch
to version 2.6.7, 3.1.1 or higher.References
The text was updated successfully, but these errors were encountered: