Vulnerabilities

 1 via 3 paths

Dependencies

 332

Source

 GitHub

Commit

 78d64037

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Information Exposure Through Sent Data

  • Vulnerable module: phin
  • Introduced through: jimp@0.16.13

Detailed paths

  • Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e jimp@0.16.13 @jimp/custom@0.16.13 @jimp/core@0.16.13 phin@2.9.3
    Remediation: Upgrade to jimp@0.22.0.
  • Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e jimp@0.16.13 @jimp/custom@0.16.13 @jimp/core@0.16.13 load-bmfont@1.4.1 phin@2.9.3
  • Introduced through: qr-scanner-cli@victorperin/qr-scanner-cli#78d640374c406e63459ebedc621126ce59eb5e5e jimp@0.16.13 @jimp/plugins@0.16.13 @jimp/plugin-print@0.16.13 load-bmfont@1.4.1 phin@2.9.3

Overview

phin is a The ultra-lightweight Node.js HTTP client

Affected versions of this package are vulnerable to Information Exposure Through Sent Data due to the handling of HTTP headers during redirects when followRedirects is enabled. An attacker can potentially intercept sensitive information by exploiting how headers are included in outgoing requests after a redirect.

Remediation

Upgrade phin to version 3.7.1 or higher.

References

Information Exposure Through Sent Data vulnerability report