Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer
field in the fetch()
function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer
field, the program will either hang or crash.
CPE | Name | Operator | Version |
---|---|---|---|
node-fetch | le | 3.2.9 | |
node-fetch | le | 3.2.9 |