Moderate severityGHSA Advisory· Published Jul 17, 2020· Updated Sep 16, 2024

Information Exposure

CVE-2020-7696

Description

This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
react-native-fast-imagenpm	< 8.3.0	8.3.0

Affected products

Lumiverse/React Native Fast ImageGHSA
Range: < 8.3.0
Package: https://npmjs.com/package/react-native-fast-image
ghsa-coords
pkg:npm/react-native-fast-image
Range: < 8.3.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-6xhg-q9c8-rj32ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-7696ghsaADVISORY
github.com/DylanVann/react-native-fast-image/commit/4a7cd64f5b0aa40b04d63ccb105ee2b511abe624ghsaWEB
github.com/DylanVann/react-native-fast-image/issues/690ghsax_refsource_MISCWEB
github.com/DylanVann/react-native-fast-image/pull/691ghsax_refsource_MISCWEB
snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000