CVE-2022-0155

NameCVE-2022-0155
Descriptionfollow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-follow-redirects (PTS)buster1.2.4-1vulnerable
bullseye1.13.1-1+deb11u1fixed
bookworm1.15.2+~1.14.1-1fixed
sid, trixie1.15.6+~1.14.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-follow-redirectssourcebullseye1.13.1-1+deb11u1
node-follow-redirectssource(unstable)1.14.7+~1.13.1-1

Notes

[buster] - node-follow-redirects <ignored> (Minor issue, too intrusive to backport)
https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
https://github.com/follow-redirects/follow-redirects/issues/183
https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
Search for package or bug name: Reporting problems