Description
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
A flaw was found in the simple-get library when it fetches a remote URL with a cookie and reaches the Location response header. This flaw allows sensitive information to be exposed to an unauthorized actor, because the cookie is leaked.
Report
In Red Hat Virtualization, simple-get is a dependency of isomorphic-git, which is a development-time dependency and is not delivered with the product. Therefore, the impact has been rated Low and the vulnerability will not be addressed immediately.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Will not fix | | |
| Red Hat Virtualization 4 | ovirt-engine-ui-extensions | Will not fix | | |
Additional information
Status: Moderate
Defect: CWE-200->CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=2047262 simple-get: exposure of sensitive information to an unauthorized actor
EPSS: 0.0046 (percentile: 64%, Low)
CVSS3: 7.5 High
Related vulnerabilities
CVSS3: 8.8
nvd
about 4 years ago
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.