Facebook · React-Native-Fast-Image · CVE-2020-7696
**Name of the Vulnerable Software and Affected Versions**
react-native-fast-image versions prior to 8.3.0
**Description**
The issue arises when an image is loaded with a source that includes headers, such as `host` and `authorization`. This causes all subsequent images to use the same headers, potentially leading to the leakage of signing credentials or other session tokens to other servers. The estimated number of potentially affected devices is not specified.
**Recommendations**
For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `authorization` header in the `source` object of images until the issue is resolved. Restrict access to sensitive information, such as signing credentials, to minimize the risk of exploitation.