CVE-2023-30846 – typed-rest-client

Package

Manager: npm
Name: typed-rest-client
Vulnerable Version: >=0 <1.8.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02877 pctl0.85775

Details

Potential leak of authentication data to 3rd parties ### Impact Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler` 2. The target host may return a redirection (3xx), with a link to a second host. 3. The next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. ### Patches The problem was fixed on April 1st 2020. ### Workarounds There is no workaround. ### References This is similar to the following issues in nature: 1. [HTTP authentication leak in redirects](https://curl.haxx.se/docs/CVE-2018-1000007.html) - I used the same solution as CURL did. 2. [CVE-2018-1000007](https://nvd.nist.gov/vuln/detail/CVE-2018-1000007).

Metadata

Created: 2023-04-27T14:02:11Z
Modified: 2023-05-05T21:40:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-558p-m34m-vpmq/GHSA-558p-m34m-vpmq.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-558p-m34m-vpmq
Finding: F035
Auto approve: 1