This repository has been archived by the owner on Apr 11, 2023. It is now read-only.
Upgrade Vulnerable Library: eventsource (npm) from < 1.1.1 to 1.1.1 #359
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Bump eventsource from 1.0.7 to 1.1.1 in /cmd/rp-adapter-vue
Severity: CRITICAL
When fetching an url with a link to an external site (Redirect), the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized."
The text was updated successfully, but these errors were encountered: