Platform: nodejs
Component: follow-redirects
Fixed in: 1.14.7
CVE-2022-0155 describes a vulnerability in the follow-redirects package, affecting versions up to and including 1.14.7. This vulnerability results in the Exposure of Private Personal Information to an Unauthorized Actor. The vulnerability allows attackers to potentially access sensitive data. Upgrade to version 1.14.7 to address this issue.
The vulnerability in follow-redirects allows an attacker to potentially expose private personal information. This can occur when the package is used in a context where it follows redirects to external or untrusted domains: an attacker could craft a malicious redirect chain that delivers sensitive data to an unauthorized actor. The potential impact includes data breaches, identity theft, and reputational damage. The blast radius depends on the applications that use the vulnerable follow-redirects package.
CVE-2022-0155 is not currently listed on KEV or EPSS. The CVSS score of 8 (High) indicates a significant risk. Public proof-of-concept (POC) exploits are not widely available. Published by the NVD on 2022-01-10.
Exploit status
EPSS: 1.30% (80th percentile)
CVSS vector
The primary mitigation for CVE-2022-0155 is to upgrade the follow-redirects package to version 1.14.7 or later. If upgrading is not immediately possible, carefully review all redirect chains and ensure that they only lead to trusted domains. Implement strict input validation and sanitization to prevent attackers from injecting malicious redirects. Consider using a web application firewall (WAF) to filter out suspicious redirect requests. After upgrading, confirm the fix by testing redirect chains to ensure they are handled securely.
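The redirect-chain review the mitigation above calls for, as an added example that is neither the advisory's nor the follow-redirects project's code: it refuses redirects to hosts outside an allowlist, refuses https-to-http downgrades, and drops credential headers (Cookie, Authorization) whenever the host changes, which is the kind of cross-domain leak this CVE concerns. The `beforeRedirect` option named in the comments is a real follow-redirects hook; the host names, headers and allowlist are constructed sample data.

```javascript
// Added example, not the advisory's or the project's code. A plain function so it
// can be checked offline; follow-redirects' `beforeRedirect` option is where such
// a policy would be plugged in (the wiring to that hook is left out here).
const SENSITIVE_HEADERS = ['authorization', 'cookie', 'proxy-authorization'];

// Decide whether a redirect from `fromUrl` to `toUrl` may be followed and which
// request headers may travel with it. `allowedHosts` lists trusted third-party hosts.
function evaluateRedirect(fromUrl, toUrl, headers, allowedHosts) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl, fromUrl); // a relative Location resolves against the source
  const result = { target: to.href, allowed: true, headers: { ...headers }, dropped: [] };
  // Refuse https -> http: anything forwarded would cross the wire in clear text.
  if (from.protocol === 'https:' && to.protocol !== 'https:') {
    result.allowed = false;
    result.reason = 'protocol downgrade';
    return result;
  }
  // Only follow to the same host or to a host on the allowlist.
  const sameHost = from.hostname === to.hostname;
  if (!sameHost && !allowedHosts.includes(to.hostname)) {
    result.allowed = false;
    result.reason = `untrusted host ${to.hostname}`;
    return result;
  }
  // Even for a trusted third-party host, credentials issued for `from` must not follow.
  if (!sameHost) {
    for (const name of Object.keys(result.headers)) {
      if (SENSITIVE_HEADERS.includes(name.toLowerCase())) {
        delete result.headers[name];
        result.dropped.push(name);
      }
    }
  }
  return result;
}

// Walk a chain of Location values, carrying the (possibly reduced) header set from
// hop to hop, and stop at the first violation.
function checkRedirectChain(startUrl, locations, headers, allowedHosts) {
  const steps = [];
  let current = startUrl;
  let currentHeaders = headers;
  for (const location of locations) {
    const step = evaluateRedirect(current, location, currentHeaders, allowedHosts);
    steps.push(step);
    if (!step.allowed) break;
    current = step.target;
    currentHeaders = step.headers;
  }
  return steps;
}
```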
Update the follow-redirects dependency to version 1.14.7 or higher. This fixes the private personal information exposure vulnerability. Run `npm install follow-redirects@latest` or `yarn upgrade follow-redirects@latest` to update.
CVE-2022-0155 is a vulnerability in the follow-redirects package that allows unauthorized actors to potentially expose private personal information by improperly handling redirects.
Applications using versions of the follow-redirects package prior to 1.14.7 are potentially affected by this vulnerability.
Upgrade the follow-redirects package to version 1.14.7 or later to resolve this vulnerability.
As of now, there are no publicly available exploitation reports or proof-of-concept code for CVE-2022-0155.
Refer to the National Vulnerability Database (NVD) entry for CVE-2022-0155 at https://nvd.nist.gov/vuln/detail/CVE-2022-0155 for more information.