Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
follow-redirects follow redirects vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header w...
NA
CVE-2023-26159
Versions of the package follow-redirects prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit thi...
Follow-redirects Follow Redirects
NA
CVE-2022-39359
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patc...
Metabase Metabase
4.3
CVSSv2
CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects before 1.14.8.
Follow-redirects Project Follow-redirects
4.3
CVSSv2
CVE-2022-0155
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Follow-redirects Project Follow-redirects
Siemens Sinec Ins 1.0
Siemens Sinec Ins
7 Github repositories
4.9
CVSSv2
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Pivotal Reactor Netty
6.4
CVSSv2
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
1 Article
4.3
CVSSv2
CVE-2013-3948
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote malicious users to trigger installation of arbitrary applications via a download-manifest itms-services:...
Apple Iphone Os 6.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started