This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
References
Link | Resource |
---|---|
https://github.com/DylanVann/react-native-fast-image/issues/690 | Exploit Third Party Advisory |
https://github.com/DylanVann/react-native-fast-image/pull/691 | Exploit Issue Tracking Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-07-17T00:00:00
Updated: 2020-07-17T09:25:14
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7696
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-17T10:15:12.467
Modified: 2020-07-22T17:42:33.953
Link: CVE-2020-7696
JSON object: View
Redhat Information
No data.
CWE