EPSS
Percentile
52.1%
@actions/http-client is vulnerable to information disclosure. When a request that results in a 302 redirect contains a Authorization header, the credentials is disclosed to the other domain.
github.com/actions/http-client/commit/f6aae3dda4f4c9dc0b49737b36007330f78fd53a
github.com/actions/http-client/pull/27
github.com/actions/http-client/security/advisories/GHSA-9w6v-m7wp-jwg4