Browse all 3 CVE security advisories affecting node-fetch. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Node-fetch is a lightweight HTTP client for Node.js, enabling server-side data fetching and API interactions. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often due to improper input validation or insecure handling of URLs and headers. Notable security characteristics include its widespread adoption in serverless environments and dependency chains, which amplifies potential impact. A major incident in 2020 revealed a critical RCE flaw (CVE-2021-22963) through improper redirect handling, affecting numerous applications. Despite these issues, node-fetch remains a core tool for HTTP requests, requiring developers to implement strict input validation and keep dependencies updated to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2596 | Inefficient Regular Expression Complexity in node-fetch/node-fetch — node-fetch/node-fetch, CWE-1333 | 5.9 | Medium | 2022-08-01 |
| CVE-2022-0235 | Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch — node-fetch/node-fetch, CWE-200 | 7.1 | - | 2022-01-16 |
This page lists every published CVE security advisory associated with node-fetch. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.