CVE-2022-0654: Cookie exposure in requestretry

February 24, 2022 (updated March 1, 2022)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.

References

github.com/advisories/GHSA-hjp8-2cm3-cc45
github.com/fgribreau/node-request-retry/commit/0979c6001d9d57c2aac3157c11b007397158922a
huntr.dev/bounties/a779faf5-c2cc-48be-a31d-4ddfac357afc
nvd.nist.gov/vuln/detail/CVE-2022-0654

Detect and mitigate CVE-2022-0654 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →