Vulnerabilities

1 via 1 paths

Dependencies

47

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity
new

Information Exposure

  • Vulnerable module: simple-get
  • Introduced through: simple-get@2.8.1

Detailed paths

  • Introduced through: prebuild-install@1.1.0 simple-get@2.8.1
    Remediation: Upgrade to prebuild-install@7.0.0.

Overview

Affected versions of this package are vulnerable to Information Exposure. When getting Location response header after fetching a remote url with Cookie, it will follow that url and fetch it with the provided cookie which will be then leaked to the attacker .

Remediation

Upgrade simple-get to version 4.0.1 or higher.

References