Lucene search
GoogleOSV:GHSA-7GC6-QH9X-W6H8HistoryApr 17, 2022 - 12:00 a.m.
Incorrect Authorization in cross-fetch
2022-04-1700:00:32
Google
osv.dev
9
0.001 Low
EPSS
Percentile
30.6%
When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to thirdparty.
Ex: you try to fetch example.com with cookie and if it get redirect url to attacker.com then it fetch that redirect url with provided cookie .
| CPE | Name | Operator | Version |
|---|---|---|---|
| cross-fetch | lt | 3.1.5 | |
| cross-fetch | ge | 3.0.0 | |
| cross-fetch | lt | 2.2.6 |
Related
cve
cve
CVE-2022-1365
2022-04-15 23:15:08
redhatcve
redhatcve
CVE-2022-1365
2022-04-18 04:23:53
osv
osv
CVE-2022-1365
2022-04-15 23:15:08
nvd
nvd
CVE-2022-1365
2022-04-15 23:15:08
github
github
Incorrect Authorization in cross-fetch
2022-04-17 00:00:32
huntr
huntr
in lquixada/cross-fetch
2022-01-06 12:21:59
prion
prion
Cross site scripting
2022-04-15 23:15:00
cvelist
cvelist
ibm
ibm
redhat
redhat