CVE-2022-0355: Exposure of Sensitive Information to an Unauthorized Actor

January 26, 2022 (updated August 2, 2023)

Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get.

References

github.com/advisories/GHSA-wpg7-2c88-r8xv
github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f
huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31
nvd.nist.gov/vuln/detail/CVE-2022-0355

Detect and mitigate CVE-2022-0355 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →