CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “follow-redirects_project”

3 vulnerabilities found for “follow-redirects_project”

CVE-2024-28849

MEDIUM6.5

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

follow-redirects_project / follow-redirects

Network

Published Mar 14, 2024

CVE-2022-0536

LOW2.6

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.

follow-redirects_project / follow-redirects

Adjacent

Published Feb 9, 2022

CVE-2022-0155

MEDIUM6.5

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

follow-redirects_project / follow-redirects+3

Network

Published Jan 10, 2022