7.3
CVE-2023-26159
- EPSS 0.8%
- Veröffentlicht 02.01.2024 05:15:08
- Zuletzt bearbeitet 03.11.2025 22:16:05
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
LoginVersions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Follow-redirects ≫ Follow Redirects SwPlatformnode.js Version < 1.15.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.8% | 0.517 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| report@snyk.io | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://github.com/follow-redirects/follow-redirects/issues/235
https://github.com/follow-redirects/follow-redirects/pull/236
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/
https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
https://security.netapp.com/advisory/ntap-20241108-0002/