  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 269
  • Source: npm

high severity
new

Information Exposure

  • Vulnerable module: simple-get
  • Introduced through: gl@4.9.2

Detailed paths

  • Introduced through: molstar@2.4.0 › gl@4.9.2 › prebuild-install@5.3.6 › simple-get@3.1.0
    Remediation: Upgrade to molstar@3.0.0.

Overview

Affected versions of this package are vulnerable to Information Exposure. When a remote URL is fetched with a Cookie and the response carries a Location header, the package follows that URL and fetches it with the provided cookie, which is then leaked to the attacker.

Remediation

Upgrade simple-get to version 4.0.1 or higher.

References