Lucene search
PRIOn knowledge basePRION:CVE-2020-15168HistorySep 10, 2020 - 7:15 p.m.
Design/Logic Flaw
2020-09-1019:15:00
PRIOn knowledge base
www.prio-n.com
12
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don’t double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
| CPE | Name | Operator | Version |
|---|---|---|---|
| node-fetch | lt | 2.6.1 | |
| node-fetch | eq | 3.0.0 beta1 | |
| node-fetch | eq | 3.0.0 beta5 | |
| node-fetch | eq | 3.0.0 beta6 | |
| node-fetch | eq | 3.0.0 beta7 | |
| node-fetch | eq | 3.0.0 beta8 |
Related
cvelist
cvelist
CVE-2020-15168 File size limit bypass in node-fetch
2020-09-10 18:25:13
github
github
The `size` option isn't honored after following a redirect in node-fetch
2020-09-10 17:46:21
ibm
ibm
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2020-15168)
2021-01-05 12:36:25
ubuntucve
ubuntucve
CVE-2020-15168
2020-09-10 00:00:00
nodejs
nodejs
Denial of Service
2020-09-10 17:55:53
cve
cve
CVE-2020-15168
2020-09-10 19:15:13
redhatcve
redhatcve
CVE-2020-15168
2020-09-24 10:46:39
osv
osv
CVE-2020-15168
2020-09-10 19:15:13
The `size` option isn't honored after following a redirect in node-fetch
2020-09-10 17:46:21
nvd
nvd
CVE-2020-15168
2020-09-10 19:15:13
debiancve
debiancve
CVE-2020-15168
2020-09-10 19:15:13
veracode
veracode
Denial Of Service (DoS)
2020-09-11 03:20:47