Vulnerabilities: 1 via 1 paths

Dependencies: 58

Source: npm

high severity
new

Information Exposure

  • Vulnerable module: simple-get
  • Introduced through: web3-utils@1.3.6

Detailed paths

  • Introduced through: @truffle/codec@0.10.7 > web3-utils@1.3.6 > eth-lib@0.2.8 > xhr-request-promise@0.1.3 > xhr-request@1.1.0 > simple-get@2.8.1

Overview

Affected versions of this package are vulnerable to Information Exposure. When a remote URL is fetched with a Cookie and the response carries a Location header, the package follows that URL and fetches it with the provided cookie, which is then leaked to the attacker.

Remediation

Upgrade simple-get to version 4.0.1 or higher.
