Follow Redirects 信息泄露漏洞

🗓️ 09 Feb 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Follow Redirects information disclosure in Node.js before 1.14.8 exposes data to unauthorized.

Reporter	Title	Published	Views	Family All 64
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	16 May 202420:23	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js follow-redirects module affects IBM Cloud Automation Manager	15 Mar 202217:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-0536	22 Apr 202215:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2022-0155 & CVE-2022-0536)	12 May 202215:35	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties in Open Source packages affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by follow-redirects vulnerabilities (CVE-2022-0155 and CVE-2022-0536)	14 Jul 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022	29 Apr 202210:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js follow-redirects module information disclosure vulnerabilities (CVE-2022-0536, CVE-2022-0155)	7 Feb 202321:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September 2023	5 Oct 202308:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data	3 Aug 202216:26	–	ibm

Source	Link
github	www.github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445
huntr	www.huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db
packetstormsecurity	www.packetstormsecurity.com/files/166983/Red-Hat-Security-Advisory-2022-1739-01.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022042561
access	www.access.redhat.com/security/cve/cve-2022-0536
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022062931
packetstormsecurity	www.packetstormsecurity.com/files/166812/Red-Hat-Security-Advisory-2022-1476-01.html
packetstormsecurity	www.packetstormsecurity.com/files/166516/Red-Hat-Security-Advisory-2022-1083-01.html
packetstormsecurity	www.packetstormsecurity.com/files/168657/Red-Hat-Security-Advisory-2022-6835-01.html
auscert	www.auscert.org.au/bulletins/ESB-2022.5020

23 May 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24.3

CVSS 3.12.6 - 5.9

EPSS0.00069

follow redirects information disclosure nodejs module version 1.14.8 sensitive data unauthorized access