Description
📂 Vulnerable Library - node-fetch-2.6.1.tgz
A light-weight module that brings window.fetch to node.js
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-0235 | 🟠 Medium | 5.3 | Not Defined | < 1% | node-fetch-2.6.1.tgz | Direct | https://github.com/node-fetch/node-fetch.git - no_fix, node-fetch - 3.1.1, node-fetch - 2.6.7 | ✅ | Unreachable |
Details
🟠CVE-2022-0235
Vulnerable Library - node-fetch-2.6.1.tgz
A light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz
Dependency Hierarchy:
- actions-toolkit-4.0.0.tgz (Root Library)
  - rest-17.9.2.tgz
    - core-2.5.3.tgz
      - request-5.4.4.tgz
        - ❌ node-fetch-2.6.1.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Publish Date: Jan 16, 2022 12:00 AM
URL: CVE-2022-0235
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/CVE-2022-0235
Release Date: Jan 16, 2022 12:00 AM
Fix Resolution: https://github.com/node-fetch/node-fetch.git - no_fix, node-fetch - 3.1.1, node-fetch - 2.6.7