Headline
GHSA-558p-m34m-vpmq: Potential leak of authentication data to 3rd parties
Impact
Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties.
The flow of the vulnerability is as follows:
- Send any request with
BasicCredentialHandler,BearerCredentialHandlerorPersonalAccessTokenCredentialHandler - The target host may return a redirection (3xx), with a link to a second host.
- The next request will use the credentials to authenticate with the second host, by setting the
Authorizationheader.
The expected behavior is that the next request will NOT set the Authorization header.
Patches
The problem was fixed on April 1st 2020.
Workarounds
There is no workaround.
References
This is similar to the following issues in nature:
- HTTP authentication leak in redirects - I used the same solution as CURL did.
- CVE-2018-1000007.
Package
npm typed-rest-client (npm)
Affected versions
< 1.8.0
Description
Impact
Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties.
The flow of the vulnerability is as follows:
- Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler
- The target host may return a redirection (3xx), with a link to a second host.
- The next request will use the credentials to authenticate with the second host, by setting the Authorization header.
The expected behavior is that the next request will NOT set the Authorization header.
Patches
The problem was fixed on April 1st 2020.
Workarounds
There is no workaround.
References
This is similar to the following issues in nature:
- HTTP authentication leak in redirects - I used the same solution as CURL did.
- CVE-2018-1000007.
References
- GHSA-558p-m34m-vpmq
- https://nvd.nist.gov/vuln/detail/CVE-2023-30846
- microsoft/typed-rest-client#207
- microsoft/typed-rest-client@f9ff755
Published to the GitHub Advisory Database
Apr 27, 2023
Last updated
Apr 27, 2023
Related news
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.