Description
phin may include sensitive headers in subsequent requests after redirect
Impact
Users may be impacted if they send requests that carry sensitive data in specific headers with followRedirects enabled.
Patches
The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.
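The kind of header filtering described above, sketched as an added example (this is not code from phin or follow-redirects). The header list, the rule of dropping on a host change or an HTTPS-to-HTTP downgrade, and the function names are assumptions for illustration; the URLs and token are constructed.

```javascript
// Assumed list of credential-bearing headers (illustrative, not the library's own list).
const SENSITIVE_HEADERS = new Set(['authorization', 'cookie', 'proxy-authorization']);

// Returns the resolved redirect target and the headers that may accompany it.
function headersForRedirect(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from);            // Location may be relative
  const sameHost = from.host === to.host;        // host includes a non-default port
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();            // header names are case-insensitive
    if (lower === 'host') continue;              // must be recomputed for the new target
    if (SENSITIVE_HEADERS.has(lower) && (!sameHost || downgrade)) continue;
    out[name] = value;
  }
  return { url: to.href, headers: out };
}

// Applies the filter hop by hop. A header dropped at one hop is not restored
// later, even if the chain returns to the original host.
function walkRedirects(startUrl, headers, locations) {
  let state = { url: startUrl, headers };
  const trail = [];
  for (const location of locations) {
    state = headersForRedirect(state.url, location, state.headers);
    trail.push(state);
  }
  return trail;
}

// Constructed sample: a request that redirects off-host and then back.
const sampleHeaders = { Authorization: 'Bearer constructed-token', Accept: 'application/json' };
const sampleTrail = walkRedirects(
  'https://api.example.test/start',
  sampleHeaders,
  ['/moved', 'https://other.example.test/x', 'https://api.example.test/back']
);
for (const hop of sampleTrail) {
  console.log(hop.url, Object.keys(hop.headers).join(','));
}
```

A regression test for a client on a fixed version can assert the same property against two local test servers: the second server must never see the credential header.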
Workarounds
N/A. Please update to resolve the issue.
Packages
Name: phin (npm)
Affected versions: < 3.7.1
Fixed version: 3.7.1
CVSS3: 4.3 Medium
Weaknesses: CWE-200