2113943 – (CVE-2022-2596) CVE-2022-2596 node-fetch: Denial of Service in GitHub repository node-fetch

Bug 2113943 (CVE-2022-2596) - CVE-2022-2596 node-fetch: Denial of Service in GitHub repository node-fetch

Summary: CVE-2022-2596 node-fetch: Denial of Service in GitHub repository node-fetch

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-2596
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2115194
Blocks:	2113805
TreeView+	depends on / blocked

Reported:	2022-08-02 11:37 UTC by Avinash Hanwate
Modified:	2023-09-01 03:52 UTC (History)
CC List:	152 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the node-fetch package. Affected 3.x versions of the node-fetch package are vulnerable to denial of service attacks, affecting system availability.
Clone Of:
Environment:
Last Closed:	2022-09-02 09:33:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2022-08-02 11:37:52 UTC

Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.

https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d
https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7

Comment 2 Avinash Hanwate 2022-08-04 05:31:43 UTC

Created dotnet6.0 tracking bugs for this issue:

Affects: fedora-all [bug 2115194]

Comment 4 Product Security DevOps Team 2022-09-02 09:33:26 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2596

Note You need to log in before you can comment on or make changes to this bug.

afm404
agerstmayr
aileenc
alazarot
amctagga
andrew.slice
anstephe
aoconnor
asoldano
aturgema
balejosg
bbaranow
bbuckingham
bcourt
bmaxwell
bmontgom
bniver
bodavis
brian.stansberry
btotty
caillon+fedoraproject
candlepin-bugs
cdewolf
chazlett
dan.cermak
darran.lofthouse
dbhole
dfediuck
dkreling
dmitry
dosoudil
dwhatley
dymurray
ehelms
emachado
emingora
eparis
erack
eric.wittmann
etamir
extras-orphan
fjuma
flucifre
fmuellner
fzatlouk
gecko-bugs-nobody
gmeno
go-sig
gparvin
grafana-maint
ibek
ibolton
i.ucar86
iweiss
janstey
jburrell
jcajka
jchecahi
jhadvig
jhorak
jistone
jkozol
jmatthew
jmontleo
jochrist
jpadman
jpavlik
jramanat
jrokos
jross
jshaughn
jsherril
jstastny
jwendell
jwon
kai-engert-fedora
kanderso
klember
krathod
kverlaen
ldap-maint
lemenkov
lgao
lvaleeva
lzap
mattias.ellert
mbenjamin
mgoodwin
mhackett
mhulan
michal.skrivanek
michel
mmccune
mnewsome
mnovotny
mokumar
mosmerov
mperina
mpitt
msochure
msvehla
mwringe
myarboro
nathans
nbecker
njean
nmoumoul
nobody
nstielau
nwallace
ocs-bugs
omajid
openstack-sig
orabin
osbuilders
oskutka
ovanders
pabelanger
pahickey
pantinor
pcreech
peholase
pjindal
ploffay
pmackay
rcernich
rchan
rgodfrey
rguimara
rrajasek
rstancel
rsvoboda
rwagner
sbonazzo
scorneli
sgratch
sipoyare
slucidi
smaestri
sostapov
sponnaga
sseago
stcannon
stransky
tom.jenkinson
tpopela
tstellar
twalsh
tzimanyi
user-cont-team+packit-fas
vereddy
zebob.m