Vulnerabilities

 1 via 1 paths

Dependencies

 87

Source

 GitHub

Commit

 0ccbccc4

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Information Exposure Through Sent Data

  • Vulnerable module: phin
  • Introduced through: jimp@0.22.12

Detailed paths

  • Introduced through: image-to-gradient@peterekepeter/image-to-gradient#0ccbccc440e3eb54d52059f5373cbb2fabfab60a jimp@0.22.12 @jimp/plugins@0.22.12 @jimp/plugin-print@0.22.12 load-bmfont@1.4.1 phin@2.9.3

Overview

phin is a The ultra-lightweight Node.js HTTP client

Affected versions of this package are vulnerable to Information Exposure Through Sent Data due to the handling of HTTP headers during redirects when followRedirects is enabled. An attacker can potentially intercept sensitive information by exploiting how headers are included in outgoing requests after a redirect.

Remediation

Upgrade phin to version 3.7.1 or higher.

References

Information Exposure Through Sent Data vulnerability report