EUVD-2021-0978

Malware in sbrugna...

Credential leak in react-native-fast-image

Overview This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other...

@agungkes/react-native-scalable-image (>=1.0.1 <=1.0.2), @applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0) +35 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=4.0.14 <=8.2.0)

react-native-fast-image NPM version =4.0.14, =1.0.1, =1.0.0, =1.0.0, =1.8.20, =1.0.21, =0.0.8, =0.0.8, =0.0.1, =0.0.1, =0.10.25, =1.0.113, =1.0.220 - inso-motorbike-liability =1.0.2 and more Source cves: CVE-2020-7696 Source advisory: OSV:GHSA-6XHG-Q9C8-RJ32...

GHSA-6XHG-Q9C8-RJ32 Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

@applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0), @momo-platform/component-kits (=1.1.74) +5 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=8.1.2 <=8.2.0)

react-native-fast-image NPM version =8.1.2, =1.0.0, =0.0.1, =0.1.0, =1.2.23 Source cves: CVE-2020-7696 Source advisory: SNYK:JS-REACTNATIVEFASTIMAGE-572228...