Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
- Severity: Medium
Description
Exposure of Sensitive Information to an Unauthorized Actor in the npm package follow-redirects prior to 1.14.8.
Recommendation
Update the follow-redirects package to the latest compatible version. Version details:
- Affected version(s): < 1.14.8
- Patched version(s): 1.14.8
Related Issues
- tiny-secp256k1 allows for verify() bypass when running in bundled environment - CVE-2024-49365
- Exposure of sensitive information in follow-redirects - CVE-2022-0155
- Astro's server source code is exposed to the public if sourcemaps are enabled - CVE-2024-56159
- follow-redirects' Proxy-Authorization header kept across hosts - CVE-2024-28849
- Tags: npm, follow-redirects
Last updated on July 21, 2023