CVE-2022-2596 — MEDIUM (5.9)

Q: What is CVE-2022-2596?

CVE-2022-2596 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

Q: How severe is CVE-2022-2596?

CVE-2022-2596 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2596?

Check the references section above for vendor advisories and patch information. Affected products include: Node-Fetch Project Node-Fetch.

Vulnerability Description

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Node-Fetch Project	Node-Fetch	>= 3.0.0, < 3.2.10

Related Weaknesses (CWE)

CWE-1333

References

https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597PatchThird Party Advisory
https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7ExploitPatchThird Party Advisory
https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597PatchThird Party Advisory
https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7ExploitPatchThird Party Advisory

FAQ

What is CVE-2022-2596?

CVE-2022-2596 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

How severe is CVE-2022-2596?

CVE-2022-2596 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2596?

Check the references section above for vendor advisories and patch information. Affected products include: Node-Fetch Project Node-Fetch.