
6 matches found

OSV
added 3 days ago, 4 views

ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-44979 in the @rootio/hapi__wreck package for Root:npm. Multiple fixed versions available...

AI score: 5.8, EPSS: 0.00054, Exploits: 0

OSV
added 2026/06/11 1:27 p.m., 7 views

GHSA-X426-X7CC-3FPC @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

Impact: Wreck strips credential headers Authorization, Cookie, Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP...

CVSS: 6.5, AI score: 5.5, EPSS: 0.0001, Exploits: 0, References: 3

OSV
added 2026/05/27 12:38 a.m., 9 views

GHSA-VHJM-W67Q-G75C @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Impact: When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00054, Exploits: 0, References: 4

vulnersOsv
added 2026/05/27 12:38 a.m., 5 views

20yearrewards (>=1.0.7 <=1.0.8), 3id-test-helper (>=1.0.0 <=1.0.4) +1062 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=15.1.0 <=18.0.1)

@hapi/wreck NPM version =15.1.0, =1.0.7, =1.0.0, =0.24.0, =2.0.2, =6.8.2, =1.4.0, =1.0.0, =0.0.2, =1.0.0, =1.6.0, =1.7.10 and more Source cves: CVE-2026-44979 Source advisory: OSV:GHSA-VHJM-W67Q-G75C...

AI score: 5.7, EPSS: 0.00054, Exploits: 0

vulnersOsv
added 2026/05/27 12:38 a.m., 5 views

@userfront/bell (>=5.2.3-0 <=6.0.0), ffc-auth (>=0.1.0 <=0.13.0-alpha.2) +1 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=18.0.0 <=18.0.1)

@hapi/wreck NPM version =18.0.0, =5.2.3-0, =0.1.0, =1.0.2, =1.0.4 Source cves: CVE-2026-44979 Source advisory: SNYK:JS-HAPIWRECK-16881586...

AI score: 5.4, EPSS: 0.00054, Exploits: 0

Positive Technologies
added 2026/05/27 12:0 a.m., 12 views

PT-2026-43631

Impact: When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00734, Exploits: 0, References: 5