CVE-2020-7696
MEDIUMreact-native-fast-image < 8.3.0 - Exposure of Sensitive Information via Reused Headers
Title source: llmDescription
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
Exploit, Third Party Advisory x_refsource_misc
https://github.com/DylanVann/react-native-fast-image/issues/690
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/DylanVann/react-native-fast-image/pull/691
Scores
CVSS v3
5.3
EPSS
0.0158
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
npm/react-native-fast-image
0 - 8.3.0npm
react-native-fast-image_project/react-native-fast-image
Published
Jul 17, 2020
Tracked Since
Feb 18, 2026