Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client
Vulnerability Description
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Microsoft Actions Http-Client 信息泄露漏洞
Vulnerability Description
Microsoft Actions Http-Client是美国微软(Microsoft)公司的一款轻量级的HTTP客户端。 Microsoft Actions Http-Client (NPM @actions/http-client) 1.0.8之前版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A