Skip to content

Exposure of sensitive information in follow-redirects

high severity GitHub Reviewed Published Jan 12, 2022

Package

npm follow-redirects (npm)

Affected versions

< 1.14.7

Patched versions

1.14.7

Description

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

References

CVE ID

CVE-2022-0155

CVSS Score

8.0 High
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H