Description
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.
Remediation
References
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
https://github.com/DylanVann/react-native-fast-image/issues/690
https://github.com/DylanVann/react-native-fast-image/pull/691
Related Vulnerabilities
CVE-2022-44262 Vulnerability in maven package org.ff4j:ff4j-core
CVE-2023-30530 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.11
CVE-2020-7762 Vulnerability in npm package jsreport-chrome-pdf
CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe