Vulnerabilities

 1 via 2 paths

Dependencies

 103

Source

 GitHub

Commit

 8656895d

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Information Exposure Through Sent Data

  • Vulnerable module: phin
  • Introduced through: node-vibrant@3.1.6

Detailed paths

  • Introduced through: iobroker.heos@withstu/ioBroker.heos#8656895da27f839fa0d86f34ef922f4ea698f04d node-vibrant@3.1.6 @jimp/custom@0.16.13 @jimp/core@0.16.13 phin@2.9.3
  • Introduced through: iobroker.heos@withstu/ioBroker.heos#8656895da27f839fa0d86f34ef922f4ea698f04d node-vibrant@3.1.6 @jimp/custom@0.16.13 @jimp/core@0.16.13 load-bmfont@1.4.1 phin@2.9.3

Overview

phin is a The ultra-lightweight Node.js HTTP client

Affected versions of this package are vulnerable to Information Exposure Through Sent Data due to the handling of HTTP headers during redirects when followRedirects is enabled. An attacker can potentially intercept sensitive information by exploiting how headers are included in outgoing requests after a redirect.

Remediation

Upgrade phin to version 3.7.1 or higher.

References

Information Exposure Through Sent Data vulnerability report