Vulnerability Details CVE-2020-7696
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/DylanVann/react-native-fast-image/issues/690
- https://github.com/DylanVann/react-native-fast-image/pull/691
- https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
- https://github.com/DylanVann/react-native-fast-image/issues/690
- https://github.com/DylanVann/react-native-fast-image/pull/691
- https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
Products affected by CVE-2020-7696
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:-
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.10
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.11
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.5
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.6
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.7
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.8
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.0.9
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.1.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.1.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:0.1.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:1.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.1.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.1.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.1.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.1.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.1.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.5
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:2.2.6
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:3.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:3.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:3.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.10
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.11
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.12
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.13
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.14
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.5
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.6
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.7
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.8
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:4.0.9
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.0.11
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.1.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.1.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.1.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.1.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.1.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.2.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.2.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.3.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.4.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.4.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:5.4.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.0.5
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.1.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:6.1.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:7.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:7.0.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:7.0.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.0.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.10
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.3
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.4
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.5
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.6
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.7
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.8
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.1.9
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.2.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.2.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.2.2
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.3.0
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.3.1
-
cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:8.3.2