Fix CVE–2022–0536

[debricked]

CVE–2022–0536

Vulnerable dependency:     follow-redirects (Yarn)    1.13.0

Vulnerability details

Description

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

NVD

Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.

GitHub

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects

Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.

CVSS details - 5.9

 

CVSS3 metrics
Attack Vector	Network
Attack Complexity	High
Privileges Required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity	None
Availability	None

References

    NVD - CVE-2022-0536
    Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects · CVE-2022-0536 · GitHub Advisory Database · GitHub
    Drop confidential headers across schemes. · follow-redirects/follow-redirects@62e546a · GitHub
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability found in follow-redirects
    GitHub - follow-redirects/follow-redirects: Node.js module that automatically follows HTTP(S) redirects
    follow-redirects/index.js at 8b347cbcef7c7b72a6e9be20f5710c17d6163c22 · follow-redirects/follow-redirects · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE