Vulnerability Information
Vulnerability Title
typed-rest-client vulnerable to potential leak of authentication data to 3rd parties
Vulnerability Description
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leaking authentication data to 3rd parties. The flow of the vulnerability is as follows: First, the client sends any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx) with a link to a second host. Third, the next request uses the credentials to authenticate with the second host by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.
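The redirect flow described above, simulated offline as an added example (not typed-rest-client code and not the project's fix). All function names, hosts and the token are hypothetical, and comparing full origins (scheme, host and port) rather than only the host is an assumption of this sketch.

```javascript
// Added illustration: every name, URL and token here is constructed.
// Constructed responses: api.example.test redirects to a second host.
const RESPONSES = {
  'https://api.example.test/v1/items': { status: 302, location: 'https://cdn.example.net/items' },
  'https://api.example.test/v1/old': { status: 301, location: '/v1/new' },
  'https://api.example.test/v1/new': { status: 200 },
  'https://cdn.example.net/items': { status: 200 },
};

// True when both URLs share scheme, host and port.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Copy headers, dropping Authorization (header names are case-insensitive).
function withoutAuthorization(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => name.toLowerCase() !== 'authorization'));
}

// Follow 3xx responses and record the headers sent on each hop.
// stripCrossOrigin=false reproduces the leaking behaviour described above.
function followRedirects(startUrl, headers, stripCrossOrigin, maxHops = 5) {
  const hops = [];
  let url = startUrl;
  let current = { ...headers };
  for (let i = 0; i <= maxHops; i++) {
    hops.push({ url, headers: current });
    const res = RESPONSES[url];
    if (!res || res.status < 300 || res.status >= 400 || !res.location) break;
    const next = new URL(res.location, url).toString(); // resolves a relative Location
    if (stripCrossOrigin && !sameOrigin(url, next)) {
      current = withoutAuthorization(current); // never re-added on later hops
    }
    url = next;
  }
  return hops;
}

const creds = { Authorization: 'Bearer CONSTRUCTED-TOKEN', Accept: 'application/json' };
for (const strip of [false, true]) {
  for (const hop of followRedirects('https://api.example.test/v1/items', creds, strip)) {
    console.log(strip ? 'hardened  ' : 'vulnerable', hop.url, Object.keys(hop.headers));
  }
}
```

The same comparison can serve as a regression test for an upgrade: a request that is redirected to a different origin must arrive there without an `Authorization` header, while same-origin redirects keep it.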
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Insufficiently Protected Credentials
Vulnerability Title
Microsoft typed-rest-client security vulnerability
Vulnerability Description
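Microsoft typed-rest-client is a typed REST and HTTP client with TypeScript typings from Microsoft, a US company. Microsoft typed-rest-client version 1.7.3 and earlier contain a security vulnerability that stems from the leak of users' authentication data.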
CVSS Information
N/A
Vulnerability Type
N/A