Fix CVE–2022–0155

[debricked]

CVE–2022–0155

Vulnerable dependency:     follow-redirects (npm)    1.13.0

Vulnerability details

Description

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

NVD

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

GitHub

Exposure of sensitive information in follow-redirects

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CVSS details - 6.5

 

CVSS3 metrics
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity	None
Availability	None

References

    Exposure of sensitive information in follow-redirects · CVE-2022-0155 · GitHub Advisory Database · GitHub
    NVD - CVE-2022-0155
    Drop Cookie header across domains. · follow-redirects/follow-redirects@8b347cb · GitHub
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability found in follow-redirects
    Cookie header not cleared upon cross-domain redirect · Issue #183 · follow-redirects/follow-redirects · GitHub
    GitHub - follow-redirects/follow-redirects: Node.js module that automatically follows HTTP(S) redirects
    THIRD PARTY

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE