Vulnerability_id VCID-y5g7-w6ur-8qaq
Summary
The `size` option isn't honored after following a redirect in node-fetch
### Impact
Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a `FetchError` would never get thrown and the process would end without failure.

For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant. For example, if you don't double-check the size of the data after `fetch()` has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

### Patches
We released patched versions for both stable and beta channels:

- For `v2`: 2.6.1
- For `v3`: 3.0.0-beta.9

### Workarounds
None. It is strongly recommended to update as soon as possible.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [node-fetch](https://github.com/node-fetch/node-fetch/issues/new?assignees=&labels=question&template=support-or-usage.md&title=Question%3A+)
* Contact one of the core maintainers.
Aliases
0
alias CVE-2020-15168
1
alias GHSA-w7rc-rwvf-8q5r
Fixed_packages
0
url pkg:deb/debian/node-fetch@2.6.1-2?distro=trixie
purl pkg:deb/debian/node-fetch@2.6.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@2.6.1-2%3Fdistro=trixie
1
url pkg:deb/debian/node-fetch@2.6.1-5%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-fetch@2.6.1-5%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@2.6.1-5%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/node-fetch@2.6.1-5%2Bdeb11u1
purl pkg:deb/debian/node-fetch@2.6.1-5%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@2.6.1-5%252Bdeb11u1
3
url pkg:deb/debian/node-fetch@3.3.0%2B~cs11.4.11-2?distro=trixie
purl pkg:deb/debian/node-fetch@3.3.0%2B~cs11.4.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@3.3.0%252B~cs11.4.11-2%3Fdistro=trixie
4
url pkg:deb/debian/node-fetch@3.3.2%2B~cs11.4.11-3?distro=trixie
purl pkg:deb/debian/node-fetch@3.3.2%2B~cs11.4.11-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@3.3.2%252B~cs11.4.11-3%3Fdistro=trixie
5
url pkg:npm/node-fetch@2.6.1
purl pkg:npm/node-fetch@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.6.1
6
url pkg:npm/node-fetch@3.0.0-beta.9
purl pkg:npm/node-fetch@3.0.0-beta.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.0.0-beta.9
Affected_packages
0
url pkg:deb/debian/node-fetch@1.7.3-1
purl pkg:deb/debian/node-fetch@1.7.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-fetch@1.7.3-1
1
url pkg:npm/node-fetch@0.1.0
purl pkg:npm/node-fetch@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@0.1.0
2
url pkg:npm/node-fetch@1.0.0
purl pkg:npm/node-fetch@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.0
3
url pkg:npm/node-fetch@1.0.1
purl pkg:npm/node-fetch@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.1
4
url pkg:npm/node-fetch@1.0.2
purl pkg:npm/node-fetch@1.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.2
5
url pkg:npm/node-fetch@1.0.3
purl pkg:npm/node-fetch@1.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.3
6
url pkg:npm/node-fetch@1.0.4
purl pkg:npm/node-fetch@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.4
7
url pkg:npm/node-fetch@1.0.5
purl pkg:npm/node-fetch@1.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.5
8
url pkg:npm/node-fetch@1.0.6
purl pkg:npm/node-fetch@1.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.0.6
9
url pkg:npm/node-fetch@1.1.0
purl pkg:npm/node-fetch@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.1.0
10
url pkg:npm/node-fetch@1.1.1
purl pkg:npm/node-fetch@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.1.1
11
url pkg:npm/node-fetch@1.1.2
purl pkg:npm/node-fetch@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.1.2
12
url pkg:npm/node-fetch@1.2.0
purl pkg:npm/node-fetch@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.2.0
13
url pkg:npm/node-fetch@1.2.1
purl pkg:npm/node-fetch@1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.2.1
14
url pkg:npm/node-fetch@1.3.0
purl pkg:npm/node-fetch@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.3.0
15
url pkg:npm/node-fetch@1.3.1
purl pkg:npm/node-fetch@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.3.1
16
url pkg:npm/node-fetch@1.3.2
purl pkg:npm/node-fetch@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.3.2
17
url pkg:npm/node-fetch@1.3.3
purl pkg:npm/node-fetch@1.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.3.3
18
url pkg:npm/node-fetch@1.4.0
purl pkg:npm/node-fetch@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.4.0
19
url pkg:npm/node-fetch@1.4.1
purl pkg:npm/node-fetch@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.4.1
20
url pkg:npm/node-fetch@1.5.0
purl pkg:npm/node-fetch@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.5.0
21
url pkg:npm/node-fetch@1.5.1
purl pkg:npm/node-fetch@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.5.1
22
url pkg:npm/node-fetch@1.5.2
purl pkg:npm/node-fetch@1.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.5.2
23
url pkg:npm/node-fetch@1.5.3
purl pkg:npm/node-fetch@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.5.3
24
url pkg:npm/node-fetch@1.6.0
purl pkg:npm/node-fetch@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.6.0
25
url pkg:npm/node-fetch@1.6.1
purl pkg:npm/node-fetch@1.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.6.1
26
url pkg:npm/node-fetch@1.6.2
purl pkg:npm/node-fetch@1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.6.2
27
url pkg:npm/node-fetch@1.6.3
purl pkg:npm/node-fetch@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.6.3
28
url pkg:npm/node-fetch@1.7.0
purl pkg:npm/node-fetch@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.7.0
29
url pkg:npm/node-fetch@1.7.1
purl pkg:npm/node-fetch@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.7.1
30
url pkg:npm/node-fetch@1.7.2
purl pkg:npm/node-fetch@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.7.2
31
url pkg:npm/node-fetch@1.7.3
purl pkg:npm/node-fetch@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@1.7.3
32
url pkg:npm/node-fetch@2.0.0-alpha.1
purl pkg:npm/node-fetch@2.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.1
33
url pkg:npm/node-fetch@2.0.0-alpha.3
purl pkg:npm/node-fetch@2.0.0-alpha.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.3
34
url pkg:npm/node-fetch@2.0.0-alpha.4
purl pkg:npm/node-fetch@2.0.0-alpha.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.4
35
url pkg:npm/node-fetch@2.0.0-alpha.5
purl pkg:npm/node-fetch@2.0.0-alpha.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.5
36
url pkg:npm/node-fetch@2.0.0-alpha.6
purl pkg:npm/node-fetch@2.0.0-alpha.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.6
37
url pkg:npm/node-fetch@2.0.0-alpha.7
purl pkg:npm/node-fetch@2.0.0-alpha.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.7
38
url pkg:npm/node-fetch@2.0.0-alpha.8
purl pkg:npm/node-fetch@2.0.0-alpha.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.8
39
url pkg:npm/node-fetch@2.0.0-alpha.9
purl pkg:npm/node-fetch@2.0.0-alpha.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0-alpha.9
40
url pkg:npm/node-fetch@2.0.0
purl pkg:npm/node-fetch@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.0.0
41
url pkg:npm/node-fetch@2.1.0
purl pkg:npm/node-fetch@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.1.0
42
url pkg:npm/node-fetch@2.1.1
purl pkg:npm/node-fetch@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.1.1
43
url pkg:npm/node-fetch@2.1.2
purl pkg:npm/node-fetch@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.1.2
44
url pkg:npm/node-fetch@2.2.0
purl pkg:npm/node-fetch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.2.0
45
url pkg:npm/node-fetch@2.2.1
purl pkg:npm/node-fetch@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.2.1
46
url pkg:npm/node-fetch@2.3.0
purl pkg:npm/node-fetch@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.3.0
47
url pkg:npm/node-fetch@2.4.0
purl pkg:npm/node-fetch@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.4.0
48
url pkg:npm/node-fetch@2.4.1
purl pkg:npm/node-fetch@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.4.1
49
url pkg:npm/node-fetch@2.5.0
purl pkg:npm/node-fetch@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.5.0
50
url pkg:npm/node-fetch@2.6.0
purl pkg:npm/node-fetch@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x4yh-ez8g-6ya1
1
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.6.0
51
url pkg:npm/node-fetch@3.0.0-beta.1
purl pkg:npm/node-fetch@3.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.0.0-beta.1
52
url pkg:npm/node-fetch@3.0.0-beta.8
purl pkg:npm/node-fetch@3.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.0.0-beta.8
53
url pkg:npm/node-fetch@3.0.0
purl pkg:npm/node-fetch@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ebme-b1mh-qygu
1
vulnerability VCID-x4yh-ez8g-6ya1
2
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.0.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15168.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15168
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23181
published_at 2026-04-24T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23373
published_at 2026-04-21T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29987
published_at 2026-04-01T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.30028
published_at 2026-04-02T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.30074
published_at 2026-04-04T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.29888
published_at 2026-04-07T12:55:00Z
6
value 0.00114
scoring_system epss
scoring_elements 0.29949
published_at 2026-04-08T12:55:00Z
7
value 0.00114
scoring_system epss
scoring_elements 0.29985
published_at 2026-04-09T12:55:00Z
8
value 0.00114
scoring_system epss
scoring_elements 0.29991
published_at 2026-04-11T12:55:00Z
9
value 0.00114
scoring_system epss
scoring_elements 0.29945
published_at 2026-04-12T12:55:00Z
10
value 0.00114
scoring_system epss
scoring_elements 0.29896
published_at 2026-04-13T12:55:00Z
11
value 0.00114
scoring_system epss
scoring_elements 0.29913
published_at 2026-04-16T12:55:00Z
12
value 0.00114
scoring_system epss
scoring_elements 0.29893
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15168
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15168
3
reference_url https://github.com/node-fetch/node-fetch
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch
4
reference_url https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334
5
reference_url https://github.com/node-fetch/node-fetch/commit/eaff0094c4dfdd5b78711a8c4f1b61e33d282072
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/commit/eaff0094c4dfdd5b78711a8c4f1b61e33d282072
6
reference_url https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15168
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15168
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1882329
reference_id 1882329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1882329
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970173
reference_id 970173
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970173
10
reference_url https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
reference_id GHSA-w7rc-rwvf-8q5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
2
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 0.1 - 5.3
Exploitability 0.5
Weighted_severity 4.8
Risk_score 2.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5g7-w6ur-8qaq