GHSA-74fj-2j2h-c42q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-74fj-2j2h-c42q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-74fj-2j2h-c42q/GHSA-74fj-2j2h-c42q.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-74fj-2j2h-c42q
- Aliases
- Published
- 2022-01-12T22:46:26Z
- Modified
- 2023-11-01T04:57:01.944010Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Exposure of sensitive information in follow-redirects
- Details
-
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
- Database specific
{ "cwe_ids": [ "CWE-359" ], "github_reviewed": true, "nvd_published_at": "2022-01-10T20:15:00Z", "github_reviewed_at": "2022-01-11T18:41:08Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-0155
- https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/follow-redirects/follow-redirects
- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
Affected packages
npm / follow-redirects
Package
- Name
- follow-redirects
- View open source insights on deps.dev
- Purl
- pkg:npm/follow-redirects