Search for packages
| purl | pkg:npm/node-fetch@3.2.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ebme-b1mh-qygu
Aliases: CVE-2022-2596 GHSA-vp56-6g26-6827 |
node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:06:35.984854+00:00 | GitLab Importer | Affected by | VCID-ebme-b1mh-qygu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml | 38.4.0 |
| 2026-04-11T23:22:45.744947+00:00 | GitLab Importer | Affected by | VCID-ebme-b1mh-qygu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml | 38.3.0 |
| 2026-04-02T23:29:26.019990+00:00 | GitLab Importer | Affected by | VCID-ebme-b1mh-qygu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml | 38.1.0 |
| 2026-04-01T17:50:48.901206+00:00 | GitLab Importer | Affected by | VCID-ebme-b1mh-qygu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml | 38.0.0 |