Description
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
Remediation
References
https://github.com/DylanVann/react-native-fast-image/issues/690
https://github.com/DylanVann/react-native-fast-image/pull/691
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
Related Vulnerabilities
CVE-2018-11694 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2020-28500 Vulnerability in maven package org.fujion.webjars:lodash
CVE-2022-24814 Vulnerability in npm package directus
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:momentjs
CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable