CVE-2020-11021

CVE-2020-11021 (Actions Http-Client) : The npm package @actions/http-client, prior to version 1.0.8, can disclose the Authorization header when a request with an Authorization header is redirected (302) to a different domain. The issue arises during redirects across hosts, allowing header leakage...