Description
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Recommendation
Update the follow-redirects package to the latest compatible version. Version details:
- Affected version(s): < 1.14.7
- Patched version(s): 1.14.7
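A check for the affected range listed above, as an added example that is not part of the original advisory or the follow-redirects project: it walks a parsed package-lock.json, including nested copies pulled in by other packages, and reports every follow-redirects entry below 1.14.7. The function names, the sample lockfile and the `http-client` package name are constructed for illustration.

```javascript
// Added example: report every follow-redirects copy in a parsed package-lock.json
// that falls in the affected range (< 1.14.7) stated in this advisory.
const PATCHED = [1, 14, 7];

// True when `version` sorts below 1.14.7; a prerelease of 1.14.7 also sorts below it.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return Boolean(m[4]);
}

// Walks both lockfile layouts: "packages" (lockfileVersion 2 and 3) and nested
// "dependencies" (lockfileVersion 1). Returns [{ path, version }] for affected copies.
function findAffected(lock, name = "follow-redirects") {
  const hits = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + name) && isAffected(entry.version)) {
        hits.push({ path, version: entry.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + dep;
      if (dep === name && isAffected(entry.version)) hits.push({ path, version: entry.version });
      walk(entry.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project); "http-client" is hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/follow-redirects": { version: "1.14.7" },
    "node_modules/http-client/node_modules/follow-redirects": { version: "1.14.6" },
  },
};
console.log(findAffected(sampleLock));
```

Pass it the result of `JSON.parse` on your own package-lock.json; an empty array means no affected copy is locked.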
References
- GHSA-74fj-2j2h-c42q
- huntr.dev
- cert-portal.siemens.com
- CVE-2022-0155
- CWE-359
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 5 - CVE-2020-8203
- Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 3 - CVE-2020-8203
- Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 2 - CVE-2020-8203
- IPX Allows Path Traversal via Prefix Matching Bypass - CVE-2025-54387
Tags
- npm
- follow-redirects
Last updated on February 12, 2025