follow-redirects
npm · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting follow-redirects
- CVE-2022-0155 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.14.7 · 2022-01-10
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2022-0536 · LOW · CVSS 2.6 · EG 2.6 · ✓ Fixed in 1.14.8 · 2022-02-09
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
- CVE-2023-26159 · HIGH · CVSS 7.3 · EG 7.3 · ✓ Fixed in 1.15.4 · 2024-01-02
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the …
- CVE-2024-28849 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.15.6 · 2024-03-14
follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but ke…