CVE-2020-7696

Name of the Vulnerable Software and Affected Versions react-native-fast-image versions prior to 8.3.0

Description The issue arises when an image is loaded with a source that includes headers, such as host and authorization. This causes all subsequent images to use the same headers, potentially leading to the leakage of signing credentials or other session tokens to other servers. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the authorization header in the source object of images until the issue is resolved. Restrict access to sensitive information, such as signing credentials, to minimize the risk of exploitation.