REDHAT-BUG-2256413: Input Validation
ollow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
https://github.com/follow-redirects/follow-redirects/issues/235 https://github.com/follow-redirects/follow-redirects/pull/236 https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2256413?
The severity of REDHAT-BUG-2256413 is considered high due to improper input validation that can lead to potential redirection attacks.
How do I fix REDHAT-BUG-2256413?
To fix REDHAT-BUG-2256413, upgrade the follow-redirects package to version 1.15.4 or later.
What vulnerability is associated with REDHAT-BUG-2256413?
REDHAT-BUG-2256413 is associated with improper handling of URLs in the url.parse() function.
What are the risks of not addressing REDHAT-BUG-2256413?
Not addressing REDHAT-BUG-2256413 could allow attackers to manipulate URLs, leading to malicious traffic redirection.
Which versions of follow-redirects are affected by REDHAT-BUG-2256413?
Versions of follow-redirects prior to 1.15.4 are affected by REDHAT-BUG-2256413.