Vulnerabilities: 1 via 1 paths

Dependencies: 9

Source: npm


medium severity
new

Information Exposure

  • Vulnerable module: follow-redirects
  • Introduced through: follow-redirects@0.0.3

Detailed paths

  • Introduced through: docker-modem@0.1.23 > follow-redirects@0.0.3
    Remediation: Upgrade to docker-modem@0.3.2.

Overview

Affected versions of this package are vulnerable to Information Exposure: the cookie header is leaked to a third-party site in the process of fetching a remote URL with the cookie in the request body. If the response contains a Location header, the package follows the redirect to another URL, potentially one controlled by a malicious actor, and the cookie is exposed to that URL.

Remediation

Upgrade follow-redirects to version 1.14.7 or higher.
