CVE-2022-2596: 
JavaScript vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-2596 was discovered in the node-fetch package, affecting versions prior to 3.2.10. The issue is characterized as an Inefficient Regular Expression Complexity vulnerability in the GitHub repository node-fetch/node-fetch (NVD, MITRE).

The vulnerability is classified as CWE-1333 (Inefficient Regular Expression Complexity) and received a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue specifically relates to the regular expression pattern used for host validation in the referrer checking functionality (GitHub Patch).

The vulnerability could lead to a Denial of Service condition when processing certain inputs. The high availability impact (A:H) in the CVSS score indicates that the vulnerability could significantly impact system availability (NVD).

The vulnerability was fixed in version 3.2.10 of node-fetch. The fix involved replacing the problematic regular expression pattern /^(.+\.)*localhost$/ with a simple string comparison url.host === 'localhost' || url.host.endsWith('.localhost') (GitHub Patch).