CVE-2022-3474
CVE-2022-3474 concerns a flaw in Bazel's remote assets API where bad credential handling causes all user-provided credentials to be sent instead of only the required ones. Affected are Bazel versions prior to 5.3.2 and 4.2.3. The consequence is credential exposure for requests using this API. The...