Описание
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
A flaw was found in follow-redirects when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | npm-follow-redirects | Out of support scope | ||
| OpenShift Service Mesh 2.0 | npm-follow-redirects | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-header-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Security 3 | follow-redirects | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
follow-redirects is vulnerable to Exposure of Private Personal Informa ...
Exposure of sensitive information in follow-redirects
Уязвимость модуля Node.js follow-redirects, связанная с ошибками обработки файлов cookie, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3