node-fetch is vulnerable to denial of service. The size
option after following a redirect is not adhered to, which does not result in a FetchError
being thrown and the process ending without failure when a content size was over the limit.
CPE | Name | Operator | Version |
---|---|---|---|
node-fetch | le | 2.6.0 | |
node-fetch | le | 3.0.0-beta.8 | |
node-fetch | le | 2.6.0 | |
node-fetch | le | 3.0.0-beta.8 |