CVE-2020-7696 in react-native-fast-imageinformación

Resumen

por MITRE

This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Snyk

Reservar

2020-01-21

Moderación

aceptado

Artículo

VDB-158746

CPE

listo

CWE

CWE-1018 (confirmado)

CVSS

5.3 (NVD)

EPSS

0.00455

KEV

Actividades

muy bajo

Sector

Hostingprovider, Finance, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-7696
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-7696
CVE Details	https://www.cvedetails.com/cve/CVE-2020-7696/

◂ Anterior Visión De Conjunto Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!