9 matches found
SUSE CVE-2022-0355
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1...
3drudder-js (>=1.0.0 <=2.0.7), @131/fuse-bindings (>=2.11.0 <=2.11.1) +833 more potentially affected by CVE-2022-0355 via simple-get (>=1.4.3 <=2.7.1)
simple-get NPM version =1.4.3, =1.0.0, =2.11.0, =1.16.0, =1.0.2, =1.0.0, =1.0.0, =1.0.8, =1.0.0, =1.6.0, =0.2.1, =0.2.75, =0.3.4 and more Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...
@garment/plugin-runner-publish (>=0.13.7 <=0.18.0), bower-npm-resolver (=0.11.0) +4 more potentially affected by CVE-2022-0355 via simple-get (=3.0.3)
simple-get NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - @garment/plugin-runner-publish =0.13.7, =3.2.4, =2.0.3, =2.0.5 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...
CVE-2022-0355
A flaw was found in the simple-get library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to expose sensitive information from an unauthorized actor as the cookie is leaked...
CVE-2022-0355
creationtimestamp| type| source ---|---|--- 2022-01-26 07:19:08+00:00| seen| https://t.me/cibsecurity/36285...
CVE-2022-0355
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1...
CVE-2022-0355 Improper Removal of Sensitive Information Before Storage or Transfer in feross/simple-get
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1...
CVE-2022-0355 Improper Removal of Sensitive Information Before Storage or Transfer in feross/simple-get
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1...
CVE-2022-0355
CVE-2022-0355 affects the Node.js package simple-get (versions earlier than 4.0.1). The root cause is improper handling of sensitive data before storage or transfer, allowing exposure of session cookies when fetching remote URLs. Impact can include session hijacking or unauthorized access, depend...