Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to leaking the sensitive Proxy-Authorization header across cross-hostname redirects. An attacker can obtain sensitive proxy credentials by inducing...

@userfront/bell (>=5.2.3-0 <=6.0.0), ffc-auth (>=0.1.0 <=0.13.0-alpha.2) +1 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=18.0.0 <=18.0.1)

@hapi/wreck NPM version =18.0.0, =5.2.3-0, =0.1.0, =1.0.2, =1.0.4 Source cves: CVE-2026-44979 Source advisory: SNYK:JS-HAPIWRECK-16881586...

20yearrewards (>=1.0.7 <=1.0.8), 3id-test-helper (>=1.0.0 <=1.0.4) +1061 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=15.1.0 <=18.0.1)

@hapi/wreck NPM version =15.1.0, =1.0.7, =1.0.0, =0.24.0, =2.0.2, =6.8.2, =1.4.0, =1.0.0, =0.0.2, =1.0.0, =1.6.0, =1.7.10 and more Source cves: CVE-2026-44979 Source advisory: OSV:GHSA-VHJM-W67Q-G75C...