Skip to main content

Test Results

victorperin/qr-scanner-cli

Snyk’s security scan found the following vulnerabilities.
Ready to fix your vulnerabilities? Automatically find, fix, and monitor vulnerabilities for free with Snyk.

Vulnerabilities

 1 via 1 paths

Dependencies

 313

Source

 GitHub

Commit

 78d64037

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Exposure of Sensitive Information to an Unauthorized Actor

  • Vulnerable module: phin
  • Introduced through: jimp@0.16.13

Detailed paths

  • Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e jimp@0.16.13 @jimp/custom@0.16.13 @jimp/core@0.16.13 phin@2.9.3
    Remediation: Upgrade to jimp@0.22.0.

Overview

phin is a The ultra-lightweight Node.js HTTP client

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the handling of HTTP headers during redirects when followRedirects is enabled. An attacker can potentially intercept sensitive information by exploiting how headers are included in outgoing requests after a redirect.

Remediation

Upgrade phin to version 3.7.1 or higher.

References

Exposure of Sensitive Information to an Unauthorized Actor vulnerability report