Lucene search
AnonymousNODEJS:1715HistoryMay 18, 2021 - 1:57 a.m.
Credential leak in react-native-fast-image
2021-05-1801:57:51
Anonymous
www.npmjs.com
52
react-native-fast-image
credential leak
security vulnerability
version 8.3.0
cve-2020-7696
github advisory
EPSS
0.001
Percentile
47.8%
Overview
This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source={{uri: “…”, headers: { host: “somehost.com”, authorization: “…” }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
Recommendation
Upgrade to version 8.3.0 or later
References
Related
osv
osv
Credential leak in react-native-fast-image
2021-05-18 01:52:54
cvelist
cvelist
CVE-2020-7696 Information Exposure
2020-07-17 09:25:15
nvd
nvd
CVE-2020-7696
2020-07-17 10:15:12
github
github
Credential leak in react-native-fast-image
2021-05-18 01:52:54
prion
prion
Authorization
2020-07-17 10:15:00
cve
cve
CVE-2020-7696
2020-07-17 10:15:12