
8 matches found

RedhatCVE
added 2025/05/22 5:24 p.m. | 1 views

CVE-2020-11021

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

CVSS 7.5 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 1

CNVD
added 2020/04/30 12:0 a.m. | 1 views

Microsoft Actions Http-Client Information Disclosure Vulnerability

Microsoft Actions Http-Client is a lightweight HTTP client from Microsoft (United States). An information disclosure vulnerability exists in Microsoft Actions Http-Client NPM @actions/http-client versions prior to 1.0.8. The vulnerability stems from a configuration or other error in the...

CVSS 7.5 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 1

OSV
added 2020/04/29 6:15 p.m. | 12 views

CVE-2020-11021

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3

NVD
added 2020/04/29 6:15 p.m. | 9 views

CVE-2020-11021

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

CVSS 7.5 | AI score 6.4 | EPSS 0.00434
Exploits: 0 | References: 3

Cvelist
added 2020/04/29 6:0 p.m. | 10 views

CVE-2020-11021 HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

CVSS 6.3 | AI score 7.4 | EPSS 0.00434
Exploits: 0 | References: 3

CVE
added 2020/04/29 6:0 p.m. | 45 views

CVE-2020-11021

CVE-2020-11021 (Actions Http-Client) : The npm package @actions/http-client, prior to version 1.0.8, can disclose the Authorization header when a request with an Authorization header is redirected (302) to a different domain. The issue arises during redirects across hosts, allowing header leakage...

CVSS 7.5 | AI score 6.5 | EPSS 0.00434
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/04/29 5:58 p.m. | 16 views

GHSA-9W6V-M7WP-JWG4 Http request which redirect to another hostname do not strip authorization header in @actions/http-client

Impact If consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect 302 and 3. the redirect url redirects to another domain or hostname The authorization header will get passed to the other domain. Note that since this library is for...

CVSS 6.3 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 5

Github Security Blog
added 2020/04/29 5:58 p.m. | 63 views

Http request which redirect to another hostname do not strip authorization header in @actions/http-client

Impact If consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect 302 and 3. the redirect url redirects to another domain or hostname The authorization header will get passed to the other domain. Note that since this library is for...

CVSS 7.5 | AI score 0.7 | EPSS 0.00434
Exploits: 0 | References: 5 | Affected Software: 1