First published: Thu May 12 2022(Updated: )
A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.
Credit: security@huntr.dev security@huntr.dev security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-dotnet31-dotnet | <0:3.1.422-1.el7_9 | 0:3.1.422-1.el7_9 |
redhat/rh-dotnet60-dotnet | <0:6.0.107-1.el7_9 | 0:6.0.107-1.el7_9 |
redhat/dotnet6.0 | <0:6.0.107-1.el8_6 | 0:6.0.107-1.el8_6 |
redhat/dotnet3.1 | <0:3.1.422-1.el8_6 | 0:3.1.422-1.el8_6 |
redhat/dotnet6.0 | <0:6.0.107-1.el9_0 | 0:6.0.107-1.el9_0 |
Eventsource Eventsource | <1.1.1 | |
Eventsource Eventsource | >=2.0.0<2.0.2 | |
Debian Debian Linux | =10.0 | |
npm/eventsource | >=2.0.0<2.0.2 | 2.0.2 |
npm/eventsource | <1.1.1 | 1.1.1 |
redhat/eventsource | <2.0.2 | 2.0.2 |
<=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)