CVE-2022-0536

NameCVE-2022-0536
DescriptionExposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-follow-redirects (PTS)buster1.2.4-1vulnerable
bullseye1.13.1-1+deb11u1fixed
bookworm, sid1.15.1+~1.14.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-follow-redirectssourcebullseye1.13.1-1+deb11u1
node-follow-redirectssource(unstable)1.14.8+~1.14.0-1

Notes

[buster] - node-follow-redirects <no-dsa> (Minor issue)
https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)

Search for package or bug name: Reporting problems