follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions, follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials too. This vulnerability may lead to a credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
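The header-handling gap described above, as an added illustration that is not follow-redirects' own code: it assumes "cross-domain" means the hostname changed, and the function names, patterns and sample hosts are hypothetical. The proxy credential travels in the HTTP `Proxy-Authorization` request header.

```javascript
// Added illustration; not follow-redirects source code.

// Header names treated as credentials. The "before" pattern mirrors the
// behaviour the advisory describes; the "after" pattern also covers the
// proxy credential header.
const BEFORE_FIX = /^authorization$/i;
const AFTER_FIX = /^(?:proxy-)?authorization$/i;

// Return a copy of `headers` to send to `toUrl` after a redirect from `fromUrl`.
// Assumption: a redirect is cross-domain when the hostname changes (simplified).
function headersForRedirect(headers, fromUrl, toUrl, sensitive) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl, from); // Location may be relative
  const crossDomain = from.hostname !== to.hostname;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so match by pattern, not by key lookup.
    if (crossDomain && sensitive.test(name)) continue;
    out[name] = value;
  }
  return out;
}

// Regression check: names of credential headers still present in `headers`.
function credentialHeaders(headers) {
  return Object.keys(headers).filter((n) => AFTER_FIX.test(n)).sort();
}

// Constructed sample request (placeholder credentials, example hosts).
const sample = {
  Accept: 'application/json',
  Authorization: 'Bearer PLACEHOLDER',
  'Proxy-Authorization': 'Basic PLACEHOLDER',
};
const origin = 'https://api.example.test/v1/data';
const elsewhere = 'https://other.example.net/x';

const before = headersForRedirect(sample, origin, elsewhere, BEFORE_FIX);
const after = headersForRedirect(sample, origin, elsewhere, AFTER_FIX);
const sameHost = headersForRedirect(sample, origin, '/v2/data', AFTER_FIX);

console.log('before fix, cross-domain:', credentialHeaders(before));
console.log('after fix, cross-domain :', credentialHeaders(after));
console.log('after fix, same host    :', credentialHeaders(sameHost));
```

The `credentialHeaders` check can be reused in a client's own tests to confirm that no credential header survives a cross-domain hop after upgrading.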
History
Mon, 11 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat acm, Redhat multicluster Engine | |
CPEs | cpe:/a:redhat:acm:2.10::el9 cpe:/a:redhat:multicluster_engine:2.5::el8 | |
Vendors & Products | Redhat acm, Redhat multicluster Engine | |
Thu, 31 Oct 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat openshift Gitops | |
CPEs | cpe:/a:redhat:openshift_gitops:1.12::el8 cpe:/a:redhat:openshift_gitops:1.12::el9 | |
Vendors & Products | Redhat openshift Gitops | |
Thu, 26 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat rhmt | |
CPEs | cpe:/a:redhat:rhmt:1.8::el8 | |
Vendors & Products | Redhat rhmt | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-14T17:07:27.338Z
Updated: 2024-08-02T19:46:22.123Z
Reserved: 2024-03-11T22:45:07.685Z
Link: CVE-2024-28849
Vulnrichment
Updated: 2024-08-02T00:56:58.148Z
NVD
Status: Awaiting Analysis
Published: 2024-03-14T17:15:52.097
Modified: 2024-11-21T09:07:02.530
Link: CVE-2024-28849
Redhat