typed-rest-client is vulnerable to Information Disclosure. The vulnerability exists because the library does not disable authentication on redirects. This allows an attacker to obtain credentials: when a request is sent with BasicCredentialHandler, BearerCredentialHandler, or PersonalAccessTokenCredentialHandler, the target host can return a redirect with a link to a second host, leading to a leak of authentication data to third parties.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | typed-rest-client | le | 1.7.3 |
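
The safeguard whose absence is described above, as an added example (not typed-rest-client's code and not its fix): credential headers are dropped as soon as a redirect leaves the original origin. The function names, the list of headers to strip, and the `.test` hosts and token are assumptions constructed for illustration.

```javascript
// Added example, not typed-rest-client code. The header list and the
// same-origin rule are assumptions chosen for this illustration.
const CREDENTIAL_HEADERS = ["authorization", "proxy-authorization", "cookie"];

// Return the URL and headers that are safe to use for the redirect target.
function headersForRedirect(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // Location may be relative
  const sameOrigin = from.origin === to.origin; // scheme + host + port
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const isCredential = CREDENTIAL_HEADERS.includes(name.toLowerCase());
    if (sameOrigin || !isCredential) out[name] = value;
  }
  return { url: to.href, headers: out, stripped: !sameOrigin };
}

// Follow a redirect chain through a caller-supplied transport so the logic
// runs offline. send(url, headers) returns { status, location }.
function followRedirects(url, headers, send, maxRedirects = 5) {
  const trace = [];
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === "authorization");
    trace.push({ url, authorization: key ? headers[key] : null });
    const res = send(url, headers);
    const isRedirect = [301, 302, 303, 307, 308].includes(res.status);
    if (!isRedirect || !res.location) return { status: res.status, trace };
    // Once stripped, credentials are never re-attached on later hops.
    ({ url, headers } = headersForRedirect(url, res.location, headers));
  }
  throw new Error("too many redirects");
}

// Constructed sample: the target host redirects to a second host.
const CONSTRUCTED_ROUTES = {
  "https://api.example.test/v1/items": { status: 302, location: "/v2/items" },
  "https://api.example.test/v2/items": { status: 302, location: "https://cdn.other.test/items" },
  "https://cdn.other.test/items": { status: 200 },
};
const fakeSend = (url) => CONSTRUCTED_ROUTES[url] || { status: 404 };

function demo() {
  const headers = { Authorization: "Bearer constructed-token", Accept: "application/json" };
  return followRedirects("https://api.example.test/v1/items", headers, fakeSend);
}
console.log(demo().trace);
```

The trace shows the bearer token sent on both same-origin hops and absent on the request to the second host.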