The `size` option isn't honored after following a redirect in node-fetch
- Severity:
- Low
Description
Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.
For most people, this fix will have a little or no impact.
Recommendation
Update the node-fetch package to the latest compatible version. Followings are version details:
Affected version(s): **>= 2.0.0, < 2.6.1 >= 3.0.0-beta.1, <= 3.0.0-beta.8** Patched version(s): **2.6.1 3.0.0-beta.9**
References
Related Issues
- node-fetch Inefficient Regular Expression Complexity - CVE-2022-2596
- node-fetch forwards secure headers to untrusted sites - CVE-2022-0235
- Prototype Pollution in node-oojs - CVE-2020-7721
- Cross-site scripting in SocksJS-node - CVE-2020-8823
- Tags:
- npm
- node-fetch
Anything's wrong? Let us know Last updated on July 15, 2024