Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
History

Mon, 11 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat acm
Redhat multicluster Engine
CPEs cpe:/a:redhat:acm:2.9::el8
cpe:/a:redhat:multicluster_engine:2.4::el8
Vendors & Products Redhat acm
Redhat multicluster Engine

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-01-02T05:00:00.659Z

Updated: 2024-08-02T11:39:06.643Z

Reserved: 2023-02-20T10:28:48.931Z

Link: CVE-2023-26159

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-02T05:15:08.630

Modified: 2024-11-21T07:50:54.353

Link: CVE-2023-26159

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-02T00:00:00Z

Links: CVE-2023-26159 - Bugzilla