3 matches found
Sensitive Data Exposure
Phin is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper handling of requests, which allows an attacker to expose sensitive information in specific headers during the redirection process if followRedirects is enabled...
0.extends.wechat (>=1.0.51 <=1.0.65), 10secondsofcode-custom (=1.0.0) +5087 more potentially affected by unknown CVE via phin (>=1.0.8 <=3.7.0)
phin NPM version =1.0.8, =1.0.51, =1.0.0, =1.0.0, =0.0.2, =0.0.1, =1.8.6, =0.5.0, =0.0.2, =1.0.1, =1.0.0, =0.1.13, =0.4.20 and more
Source CVEs: unknown CVE
Source advisory: OSV:GHSA-X565-32QP-M3VF...
GHSA-X565-32QP-M3VF phin may include sensitive headers in subsequent requests after redirect
Impact: Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled.
Patches: The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.
Workarounds: N/A...