Vulnerabilities |
1 via 12 paths |
|---|---|
Dependencies |
42 |
Source |
npm |
Find a vulnerability free version of @octokit/auth-app
|
View @octokit/auth-app package health on Snyk Advisor
Find, fix and prevent vulnerabilities in your code.
medium severity
new
- Vulnerable module: node-fetch
- Introduced through: @octokit/request@5.6.2, @octokit/auth-oauth-user@1.3.0 and others
Detailed paths
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-user@1.3.0 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-user@1.3.0 › @octokit/oauth-methods@1.2.6 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-user@1.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-user@1.3.0 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-user@1.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/oauth-methods@1.2.6 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/oauth-methods@1.2.6 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-user@1.3.0 › @octokit/oauth-methods@1.2.6 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-user@1.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/request@5.6.2 › node-fetch@2.6.7
-
Introduced through: @octokit/auth-app@3.6.1 › @octokit/auth-oauth-app@4.3.0 › @octokit/auth-oauth-user@1.3.0 › @octokit/auth-oauth-device@3.1.2 › @octokit/oauth-methods@1.2.6 › @octokit/request@5.6.2 › node-fetch@2.6.7
Overview
node-fetch is a light-weight module that brings window.fetch to node.js
Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.
Remediation
Upgrade node-fetch to version 3.1.1 or higher.