19 matches found
CVE-2022-31069
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in...
EUVD-2022-5976
Malicious code in bioql PyPI...
Malicious code in nestjs-proxy (npm)
Source: ghsa-malware 712dfba5f6483ec5b01dbe91ce2b407887542d9cc9588955146a3970ec6097fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4802 Malicious code in nestjs-proxy (npm)
Source: ghsa-malware 712dfba5f6483ec5b01dbe91ce2b407887542d9cc9588955146a3970ec6097fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
The nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in sensitive information such as OAuth bearer access tokens being inadvertently exposed to...
Information Disclosure
@finastra/nestjs-proxy is vulnerable to information disclosure. The vulnerability exists in the ProxyService function due to a lack of sanitization in the authorization header which allows an unauthorized user to access sensitive information in the system...
CVE-2022-31070
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31069
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in...
Default configuration
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31070 Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31070 Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31070 Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-31070
The CVE-2022-31070 issue affects the NestJS Proxy library. Prior to 0.7.0, nestjs-proxy could forward sensitive cookies (e.g., session cookies) to backend services, risking exposure. The fix is in @finastra/nestjs-proxy v0.7.0, which blocks cookies by default; an allowedCookies whitelist can be c...
CVE-2022-31069 Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in...
CVE-2022-31069
CVE-2022-31069 Impact and Fix: The issue concerns the NestJS Proxy library where Authorization headers could be inadvertently forwarded to backend services. A fix was introduced in nestjs-proxy version 0.7.0 (under @finastra/nestjs-proxy). The advisory notes that @ffdc/nestjs-proxy is deprecated,...
CVE-2022-31069 Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in...
CVE-2022-31069 Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in...
NestJS Proxy Information Disclosure Vulnerability
NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. An information disclosure vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to prevent the forwarding of sensitive cookies e.g., session cookies ...
NestJS Proxy Information Disclosure Vulnerability
NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. A security vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to control when an authorization header should be forwarded for a specific backend...