CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0536 – Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects
https://notcve.org/view.php?id=CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8. Una Exposición de Información Confidencial a un Actor no Autorizado en NPM follow-redirects versiones anteriores a 1.14.8 A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack. • https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db https://access.redhat.com/security/cve/CVE-2022-0536 https://bugzilla.redhat.com/show_bug.cgi?id=2053259 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 2CVE-2022-0155 – Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects
https://notcve.org/view.php?id=CVE-2022-0155
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor follow-redirects es vulnerable a una Exposición de Información Personal Privada a un Actor no Autorizado A flaw was found in follow-redirects when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked. • https://github.com/coana-tech/CVE-2022-0155-PoC https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 https://access.redhat.com/security/cve/CVE-2022-0155 https://bugzilla.redhat.com/show_bug.cgi?id=2044556 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •