1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6158-1

[USN-6158-1] Node Fetch vulnerability

Severity Medium
Affected Packages 2
CVEs 1
Info Packages Vulnerabilities

Node Fetch could be made to expose sensitive information if it opened a specially crafted file.

It was discovered that Node Fetch incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
sensitive information.

Package Affected Version
pkg:deb/ubuntu/node-fetch?distro=focal < 1.7.3-2ubuntu0.1
pkg:deb/ubuntu/node-fetch?distro=bionic < 1.7.3-1ubuntu0.1~esm1
ID
USN-6158-1
Severity
medium
Severity from
CVE-2022-0235
URL
https://ubuntu.com/security/notices/USN-6158-1
Published
2023-06-13T14:07:10
(15 months ago)
Modified
2023-06-13T14:07:10
(15 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/node-fetch?distro=focal ubuntu node-fetch < 1.7.3-2ubuntu0.1 focal
Affected pkg:deb/ubuntu/node-fetch?distro=bionic ubuntu node-fetch < 1.7.3-1ubuntu0.1~esm1 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date