@actions/http-client@1.0.2 vulnerabilities
Actions Http Client
-
latest version
2.2.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @actions/http-client package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@actions/http-client is an actions-http-client. Affected versions of this package are vulnerable to Information Disclosure. Actions Http-Client can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client:
Then the authorization header will get passed to the other domain. How to fix Information Disclosure? Upgrade |
<1.0.8
|