Advisories for Npm/Typed-Rest-Client package

2023

Insufficiently Protected Credentials

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower is vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next …