Homepage
About Snyk

Information Exposure Affecting react-native-fast-image package, versions <8.3.0

0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.13% (48th percentile)
Expand this section
NVD
5.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-REACTNATIVEFASTIMAGE-572228
  • published 13 Jul 2020
  • disclosed 12 Jun 2020
  • credit Andrei Alecu
Report a new vulnerability Found a mistake?

Introduced: 12 Jun 2020

CVE-2020-7696 Open this link in a new tab
CWE-255 Open this link in a new tab
First added by Snyk

How to fix?

Upgrade react-native-fast-image to version 8.3.0 or higher.

Overview

react-native-fast-image is a FastImage, performant React Native image component.

Affected versions of this package are vulnerable to Information Exposure. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.