Description
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
A flaw was found in the cross-fetch library: when it fetches a remote URL with a cookie and gets to the Location response header, the cookie is leaked. This flaw allows an attacker to hijack the account.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | odo | Not affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | ||
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3amp-system | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-ui-rhel8 | Affected | ||
| Red Hat Fuse 7 | cross-fetch | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | cross-fetch | Not affected | ||
Additional information
Status:
EPSS
CVSS3: 7.1 High
Related vulnerabilities
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
Withdrawn Advisory: Incorrect Authorization in cross-fetch
A vulnerability in the WHATWG Fetch API for Node, cross-fetch, related to errors in cookie handling, which allows an attacker to gain unauthorized access to protected information