CVE-2022-0235

Vulnerable Component Details
Type Namespace Name Version Package URL
npm None node-fetch 2.6.2 pkg:npm/node-fetch@2.6.2
Vulnerability Details
ID CVE-2022-0235
Description node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Recommendation . || State: fixed | Fix Versions: 2.6.7. || Upgrade to versions 2.6.7, 3.1.1 or above.
Ratings
Severity Score Method Vector Source
5.8 CVSSv2 AV:N/AC:M/Au:N/C:P/I:P/A:N
6.1 CVSSv3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Related Vulnerabilities
Found By Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index
References / Advisories
Weakness Enumeration