GHSA-7543-mr7h-6v86

Suggest an improvement
Source
https://github.com/advisories/GHSA-7543-mr7h-6v86
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-7543-mr7h-6v86/GHSA-7543-mr7h-6v86.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7543-mr7h-6v86
Published
2020-09-02T16:00:26Z
Modified
2021-09-27T16:15:52Z
Summary
Improper Authorization in googleapis
Details

Versions of googleapis prior to 39.1.0 are vulnerable to Improper Authorization. Setting credentials to one client may apply to all clients which may cause requests to be sent with the incorrect credentials.

Recommendation

Upgrade to version 39.1.0.

Database specific 
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-08-31T18:35:54Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-285"
    ]
}
References

Affected packages

npm / googleapis

Package

Name
googleapis
View open source insights on deps.dev
Purl
pkg:npm/googleapis

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
39.1.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-7543-mr7h-6v86/GHSA-7543-mr7h-6v86.json"