CVE-2022-0235

About vulnerability

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Affected product:

Acorn , Bootstrap , Next.js , Node.js , React , amp-toolbox , boxen , check-updates , cross-fetch , cross-spawn , execa , fbjs , isomorphic-fetch , jpm , loopback , loopback-connector , loopback-connector-remote , loopback-datasource-juggler , loopback-phase , opencollective-cli , os-locale , prop-types , semantic-release , semver , strong-globalize , strong-remoting , term-size , update-notifier , webpack , yargs

Affected packages:

node-fetch @ 2.6.1 (+67 more)

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor