3 matches found
Information Disclosure
@finastra/nestjs-proxy is vulnerable to information disclosure. The vulnerability exists in the ProxyService function due to a lack of sanitization in the authorization header which allows an unauthorized user to access sensitive information in the system...
CVE-2022-31070
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31070
The CVE-2022-31070 issue affects the NestJS Proxy library. Prior to 0.7.0, nestjs-proxy could forward sensitive cookies (e.g., session cookies) to backend services, risking exposure. The fix is in @finastra/nestjs-proxy v0.7.0, which blocks cookies by default; an allowedCookies whitelist can be c...