Information Exposure Affecting follow-redirects package, versions <1.14.7
Proof of concept
12 Jan 2022
11 Jan 2022
How to fix?
Upgrade follow-redirects to version 1.14.7 or higher.
Affected versions of this package are vulnerable to Information Exposure by leaking the cookie header to a third-party site in the process of fetching a remote URL with the cookie in the request body. If the response contains a location header, it will follow the redirect to another URL of a potentially malicious actor, to which the cookie would be exposed.
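The check a redirect-following client needs before reusing request headers, as an added example (not code from follow-redirects or from this advisory). The names `SENSITIVE_HEADERS` and `headersForRedirect` are hypothetical, and the example goes beyond the cookie header described above by also dropping `Authorization` and `Proxy-Authorization` and by treating an HTTPS to HTTP downgrade like a host change.

```javascript
// Added example: decide which headers may accompany a redirected request.
// SENSITIVE_HEADERS and headersForRedirect are illustrative names, not a library API.
const SENSITIVE_HEADERS = new Set(["cookie", "authorization", "proxy-authorization"]);

function headersForRedirect(currentUrl, locationHeader, headers) {
  // Location may be relative, so resolve it against the URL that was just requested.
  const from = new URL(currentUrl);
  const to = new URL(locationHeader, from);

  // Same host (name and port) and no HTTPS -> HTTP downgrade: headers stay as sent.
  const sameHost = from.host === to.host;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  if (sameHost && !downgrade) {
    return { url: to.href, headers: { ...headers } };
  }

  // Otherwise drop credentials. Header names are case-insensitive, so compare lowercased.
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!SENSITIVE_HEADERS.has(name.toLowerCase())) kept[name] = value;
  }
  return { url: to.href, headers: kept };
}

// Constructed sample input: one same-host redirect, one cross-host redirect.
const sample = { Cookie: "session=constructed-value", Accept: "application/json" };
console.log(headersForRedirect("https://app.example/start", "/next", sample));
console.log(headersForRedirect("https://app.example/start", "https://other.example/landing", sample));
```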