8 matches found
cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
CVE-2022-1365
A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked...
Withdrawn Advisory: Incorrect Authorization in cross-fetch
Withdrawn Advisory This advisory has been withdrawn because the vulnerability originates from a dependency. For more information, see the Maintainer comments in https://huntr.com/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac. Original Description When fetching a remote url with Cookie if it get...
GHSA-7GC6-QH9X-W6H8 Withdrawn Advisory: Incorrect Authorization in cross-fetch
Withdrawn Advisory This advisory has been withdrawn because the vulnerability originates from a dependency. For more information, see the Maintainer comments in https://huntr.com/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac. Original Description When fetching a remote url with Cookie if it get...
cross-fetch security vulnerability
cross-fetch is a generic WHATWG Fetch API for Node, browsers, and React Native by Leonardo Quixada, an individual developer in the United States. A security vulnerability exists in cross-fetch that stems from exposing private personal information to unauthorized participants in the GitHub...
in lquixada/cross-fetch
BUG ====== Cookie header leaked to third-party site, and it allows hijacking the victim's account SUMMARY ============ When fetching a remote URL with a Cookie, if it gets a Location response header then it will follow that URL and try to fetch that URL with the provided cookie. So the cookie is leaked here to...
PT-2022-3647 · Lquixada · Cross-Fetch
Name of the Vulnerable Software and Affected Versions: lquixada/cross-fetch versions prior to 3.1.5 Description: The issue is related to the exposure of private personal information to an unauthorized actor. It is associated with errors in handling files, specifically cookies, in the WHATWG Fetch...