Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.

Related CVEs

CVE-2017-7797

Key Information

GHSA ID

GHSA-5xc2-gx42-84wf

Published

May 14, 2022 3:11 AM

Last Modified

May 14, 2022 3:11 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 14, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.