i18next / i18next-http-backend

i18next-http-backend is a backend layer for i18next for use in Node.js, in the browser and for Deno.
MIT License

PSIRT PVR0377943: node-fetch-2.6.7 [Due Date: 2022-08-18] #95

Closed PAnilReddy closed 2 years ago

PAnilReddy commented 2 years ago

Summary: Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.

Details: nodejs-cve20222596-dos (232616) - reported on 2022-07-31 (Format: yyyy-mm-dd)

Node.js node-fetch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the isOriginPotentiallyTrustworthy() function in the referrer.js script. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.

Consequences: Denial of Service

Remedy: Upgrade to the latest version of Node.js node-fetch module (3.2.10 or later), available from the NPM Web site. See References.

and plans of updating the version to latest

adrai commented 2 years ago

https://github.com/i18next/i18next-http-backend/issues/93