CVE-2022-1365: Incorrect Authorization

April 15, 2022 (updated November 22, 2022)

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.

References

github.com/advisories/GHSA-7gc6-qh9x-w6h8
github.com/lquixada/cross-fetch/commit/a3b3a9481091ddd06b8f83784ba9c4e034dc912a
huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac
nvd.nist.gov/vuln/detail/CVE-2022-1365

Code Behaviors & Features

Detect and mitigate CVE-2022-1365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →