Описание
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.
EPSS
Процентиль: 40%
0.00179
Низкий
7.5 High
CVSS3
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
fetch: Authorization headers not dropped when redirecting cross-origin
EPSS
Процентиль: 40%
0.00179
Низкий
7.5 High
CVSS3
Дефекты
CWE-200