Skip to content

Address follow-redirects vulnerability failing CI scan #384

New issue
New issue
Closed
#388
Closed
Address follow-redirects vulnerability failing CI scan#384
#388
Assignees
JamieSlome
Labels
bugSomething isn't working
@JamieSlome

Description

@JamieSlome
JamieSlome
opened on Jan 5, 2024

Description

#383 #380 #377 #376 #375 #373 are failing as a result of a vulnerability in follow-redirects.

CVE Details

Vulnerability Title:  [CVE-2023-26159] CWE-20: Improper Input Validation
ID:  CVE-2023-26159
Description:  Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
CVSS Score:  7.3
CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE:  CVE-2023-26159
Reference:  https://ossindex.sonatype.org/vulnerability/CVE-2023-26159?component-type=npm&component-name=follow-redirects&utm_source=auditjs&utm_medium=integration&utm_content=4.0.43

### Tasks
- [ ] Resolve the manifest to address the vulnerability alert
- [ ] Resolve pending PRs and merge into `main`

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions