Description
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.
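The mitigation for the behaviour described above, as an added example that is not node-fetch's own code: follow redirects by hand and drop the headers the description names whenever the next hop is a different origin. The function names, the use of same-origin as the trust boundary, the GET-only handling, and the sample URLs and token are assumptions made for this sketch.

```javascript
// Headers named in the description as forwarded to third-party redirect targets.
const SENSITIVE = new Set(['authorization', 'www-authenticate', 'cookie']);

// Return the headers that may be sent to nextUrl after a redirect from prevUrl.
// Sensitive headers survive only when scheme, host and port are all unchanged.
function headersForHop(prevUrl, nextUrl, headers) {
  const sameOrigin = new URL(prevUrl).origin === new URL(nextUrl).origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (sameOrigin || !SENSITIVE.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Follow redirects manually so every hop is filtered (GET requests only).
// fetchImpl is any fetch-compatible function passed in by the caller (assumption).
async function fetchStrippingCredentials(url, headers, fetchImpl, maxHops = 5) {
  let current = url;
  let hdrs = { ...headers };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(current, { headers: hdrs, redirect: 'manual' });
    const location = res.headers.get('location');
    if (res.status < 300 || res.status >= 400 || !location) return res;
    const next = new URL(location, current).href; // resolve relative Location values
    hdrs = headersForHop(current, next, hdrs);    // once stripped, never restored
    current = next;
  }
  throw new Error('too many redirects');
}

// Constructed sample: a credentialed request redirected within and across origins.
function demo() {
  const sent = {
    Authorization: 'Bearer CONSTRUCTED-TOKEN',
    Cookie: 'sid=constructed',
    Accept: 'application/json',
  };
  return {
    sameOrigin: headersForHop('https://api.example.com/v1', 'https://api.example.com/v2', sent),
    crossOrigin: headersForHop('https://api.example.com/v1', 'https://files.example.net/v1', sent),
    downgrade: headersForHop('https://api.example.com/v1', 'http://api.example.com/v1', sent),
  };
}
```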
Report
This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-all-in-one-rhel8 | Not affected | | |
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-query-rhel8 | Affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Will not fix | | |
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Will not fix | | |
| .NET Core 5.0 on Red Hat Enterprise Linux | rh-dotnet50-dotnet | Out of support scope | | |
| OpenShift Developer Tools and Services | odo | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | | |
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Not affected | | |
Additional information
Status:
EPSS
6.1 Medium
CVSS3
Related vulnerabilities
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...
node-fetch forwards secure headers to untrusted sites