Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 14/03/2024 Updated: 23/03/2024

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Debian Bug report logs - #1066971 node-follow-redirects: CVE-2024-28849 Package: src:node-follow-redirects; Maintainer for src:node-follow-redirects is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 16 Mar 2024 10:06:02 UTC ...

https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp https://github.com/psf/requests/issues/1885 https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b https://hackerone.com/reports/2390009 https://fetch.spec.whatwg.org/#authentication-entries https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066971 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-28849

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect