8

CVE-2022-0155

Exploit

Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Follow-redirects ProjectFollow-redirects SwPlatformnode.js Version < 1.14.7
SiemensSinec Ins Version < 1.0
SiemensSinec Ins Version1.0 Update-
SiemensSinec Ins Version1.0 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
security@huntr.dev 8 2.1 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Patch
Third Party Advisory
https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
Patch
Third Party Advisory
https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
Patch
Third Party Advisory
Exploit