CVE-2023-26159

Published: 02/01/2024 Updated: 23/01/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Versions of the package follow-redirects prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

Vulnerable Product

follow-redirects follow redirects

Vendor Advisories

Debian Bug report logs - #1059926 node-follow-redirects: CVE-2023-26159. Package: src:node-follow-redirects; Maintainer for src:node-follow-redirects is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 3 Jan 2024 18:54:01 UTC ...
Synopsis: Moderate: Logging Subsystem 582 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: Moderate: Logging Subsystem 582 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Migration Toolkit for Runtimes 124 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Description: This CVE is under investigation by Red Hat Product Security ...