Vulnerabilities: 1 via 1 paths
Dependencies: 2
Source: npm

medium severity
new

Information Exposure

  • Vulnerable module: follow-redirects
  • Introduced through: follow-redirects@1.2.2

Detailed paths

  • Introduced through: follow-redirects@1.2.2
    Remediation: Upgrade to follow-redirects@1.14.7.

Overview

Affected versions of this package are vulnerable to Information Exposure: the cookie header is leaked to a third-party site in the process of fetching a remote URL with the cookie in the request body. If the response contains a Location header, the package follows the redirect to another URL, potentially controlled by a malicious actor, and the cookie is exposed to that URL.

Remediation

Upgrade follow-redirects to version 1.14.7 or higher.
