Withdrawn Advisory: Incorrect Authorization in cross-fetch
Withdrawn Advisory This advisory has been withdrawn because the vulnerability originates from a dependency. For more information, see the Maintainer comments in https://huntr.com/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac. Original Description When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to thirdparty. Ex: you try to fetch example.com with cookie and …