2 matches found
CVE-2022-31070
The CVE-2022-31070 issue affects the NestJS Proxy library. Prior to 0.7.0, nestjs-proxy could forward sensitive cookies (e.g., session cookies) to backend services, risking exposure. The fix is in @finastra/nestjs-proxy v0.7.0, which blocks cookies by default; an allowedCookies whitelist can be c...
CVE-2022-31069
CVE-2022-31069 Impact and Fix: The issue concerns the NestJS Proxy library where Authorization headers could be inadvertently forwarded to backend services. A fix was introduced in nestjs-proxy version 0.7.0 (under @finastra/nestjs-proxy). The advisory notes that @ffdc/nestjs-proxy is deprecated,...