Fluid Attacks Database

Description

Exposure of sensitive information in follow-redirects follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	node-follow-redirects	=1.13.1-1 \|\| >=0 <1.13.1-1+deb11u1	1.13.1-1+deb11u1
debian 12	node-follow-redirects	>=0 <1.14.7+~1.13.1-1	1.14.7+~1.13.1-1
npm	follow-redirects	>=0 <1.14.7	1.14.7
debian 13	node-follow-redirects	>=0 <1.14.7+~1.13.1-1	1.14.7+~1.13.1-1
debian 14	node-follow-redirects	>=0 <1.14.7+~1.13.1-1	1.14.7+~1.13.1-1

Aliases

1. CVE-2022-01552. NVD-2022-01553. OSV-DEBIAN-2022-01554. OSV-2022-01555. GCVE-2022-01556. SECURITY-TRACKER-CVE-2022-0155

References

1. https://github.com/coana-tech/CVE-2022-0155-PoC2. https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c223. https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf4. https://github.com/follow-redirects/follow-redirects5. https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406