Affected Dependency

Package: node-fetch
Vulnerability: Information Exposure (leaking sensitive details via error messages or responses)
CVE ID: CVE-2022-0235
Severity: Medium
Affected Versions: <2.6.7, <3.1.1
Patched Versions:
- For v2.x: 2.6.7
- For v3.x: 3.1.1

Description

node-fetch had a flaw where certain internal response or redirect data (including URLs and headers) could be exposed in logs or responses unintentionally. This could lead to:
- Leaking authentication tokens, API keys, or user session data
- Revealing internal infrastructure URLs in error messages
- Assisting attackers in reconnaissance or chaining other exploits

Potential Impact

- Internal server URLs, headers, or tokens could be exposed to logs or clients
- Risks increase in applications using custom fetch wrappers or verbose error logging
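A lockfile check for the affected ranges listed above, as an added example that is not part of the original advisory or of node-fetch itself. The function names and the sample lockfile are constructed for illustration; the code assumes the npm `packages` map of lockfileVersion 2 or 3 and ignores prerelease suffixes when comparing versions.

```javascript
// Added example: flag node-fetch copies in a lockfile that fall in the
// affected ranges stated above (<2.6.7 for 2.x and earlier, <3.1.1 for 3.x).
const PATCHED = { 2: [2, 6, 7], 3: [3, 1, 1] };

// Parse "major.minor.patch"; any prerelease/build suffix is ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version triple a is strictly lower than b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: surface it for manual review
  const fixed = v[0] >= 3 ? PATCHED[3] : PATCHED[2];
  return lessThan(v, fixed);
}

// Walk the "packages" map, including nested (transitive) copies such as
// node_modules/a/node_modules/node-fetch, which a top-level upgrade misses.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/node-fetch")) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (hypothetical package names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-fetch": { version: "2.6.7" },
    "node_modules/legacy-sdk/node_modules/node-fetch": { version: "2.6.1" },
    "node_modules/esm-client/node_modules/node-fetch": { version: "3.1.0" },
    "node_modules/other/node_modules/node-fetch": { version: "3.1.1" },
  },
};

console.log(findAffected(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findAffected`.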