follow-redirects follow redirects vulnerabilities and exploits

CVE-2024-28849
Score: NA
follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keeps the proxy-authentication header w...

CVE-2023-26159
CVSSv3: 6.1
Versions of the package follow-redirects prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit thi...
Products: Follow-redirects Follow Redirects

CVE-2022-39359
CVSSv3: 6.5
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patc...
Products: Metabase Metabase

CVE-2022-0536
CVSSv3: 5.9
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects before 1.14.8.
Products: Follow-redirects Project Follow-redirects

CVE-2022-0155
CVSSv3: 6.5
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Products: Follow-redirects Project Follow-redirects; Siemens Sinec Ins 1.0; Siemens Sinec Ins
7 GitHub repositories

CVE-2020-5404
CVSSv3: 5.9
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Products: Pivotal Reactor Netty

CVE-2018-1000005
CVSSv3: 9.1
libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Products: Haxx Libcurl; Debian Debian Linux 8.0; Debian Debian Linux 9.0; Canonical Ubuntu Linux 16.04; Canonical Ubuntu Linux 17.10; Canonical Ubuntu Linux 14.04
1 Article

CVE-2013-3948
Score: NA
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote malicious users to trigger installation of arbitrary applications via a download-manifest itms-services:...
Products: Apple Iphone Os 6.1.3