CVE-2022-0536Improper Removal of Sensitive Information Before Storage or Transfer in Follow-redirects

CWE-212Improper Removal of Sensitive Information Before Storage or TransferCWE-319Cleartext Transmission of Sensitive InfoCWE-200Sensitive Information Exposure7 documents6 sources
Severity
5.9MEDIUMNVD
CNA2.6
EPSS
0.1%
top 78.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Follow-redirects Follow-redirectsFollow-redirects Project Follow-redirects
Timeline
PublishedFeb 9
Latest updateFeb 10

Description

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5follow-redirects/follow-redirects_follow-redirectsunspecified1.14.8

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects2022-02-10
OSV
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects2022-02-10
CVEList
Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects2022-02-09
OSV
CVE-2022-0536: Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 12022-02-09

📋Vendor Advisories

2
Red Hat
follow-redirects: Exposure of Sensitive Information via Authorization Header leak2022-02-09
Debian
CVE-2022-0536: node-follow-redirects - Improper Removal of Sensitive Information Before Storage or Transfer in NPM foll...2022
CVE-2022-0536 — Follow-redirects vulnerability | cvebase