search

developit / unfetch

🐕 Bare minimum 500b fetch polyfill.
https://npm.im/unfetch
MIT License
5.71k stars 200 forks source link

Vulnerability in Node-Fetch #155

Closed robreinhard closed 1 year ago

robreinhard commented 2 years ago

There is a vulnerability in node-fetch, please considering upgrading of package high priority:

https://github.com/developit/unfetch/pull/154 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/

@developit

dalhaan commented 2 years ago

Any updates on this?

Eliza-Huang commented 1 year ago

Any updates on this? Looks like there's an open PR for this https://github.com/developit/unfetch/pull/156

developit commented 1 year ago

This is fixed as of isomorphic-unfetch 4.0.1.