{"id":"USN-8217-1","summary":"node-follow-redirects vulnerabilities","details":"It was discovered that follow-redirects did not properly protect sensitive\nuser information during redirects. An attacker could possibly use this\nissue to expose sensitive information. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0155)\n\nIt was discovered that follow-redirects did not properly remove sensitive\ninformation before storage or transfer. An attacker could possibly use this\nissue to expose sensitive information. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0536)\n\nIt was discovered that follow-redirects did not properly validate URLs when\nhandling certain inputs. An attacker could possibly use this issue to\nredirect users to a malicious site, resulting in information disclosure or\nphishing attacks. (CVE-2023-26159)\n\nIt was discovered that follow-redirects did not properly clear proxy\nauthentication headers during cross-domain redirects. An attacker could\npossibly use this issue to cause exposure of sensitive credentials.\n(CVE-2024-28849)","modified":"2026-04-29T10:45:17.150695519Z","published":"2026-04-28T13:57:04Z","related":["UBUNTU-CVE-2022-0155","UBUNTU-CVE-2022-0536","UBUNTU-CVE-2023-26159","UBUNTU-CVE-2024-28849"],"upstream":["CVE-2022-0155","CVE-2022-0536","CVE-2023-26159","CVE-2024-28849","UBUNTU-CVE-2022-0155","UBUNTU-CVE-2022-0536","UBUNTU-CVE-2023-26159","UBUNTU-CVE-2024-28849"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8217-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0536"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-26159"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-28849"}],"affected":[{"package":{"name":"node-follow-redirects","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/node-follow-redirects@1.2.4-1ubuntu0.18.04.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.4-1ubuntu0.18.04.1~esm1"}]}],"versions":["1.2.4-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-follow-redirects","binary_version":"1.2.4-1ubuntu0.18.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8217-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0155"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0536"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-26159"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-28849"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"node-follow-redirects","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/node-follow-redirects@1.2.4-1ubuntu0.20.04.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.4-1ubuntu0.20.04.1~esm1"}]}],"versions":["1.2.4-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-follow-redirects","binary_version":"1.2.4-1ubuntu0.20.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8217-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0155"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0536"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-26159"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-28849"}]}}},{"package":{"name":"node-follow-redirects","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/node-follow-redirects@1.14.9+~1.14.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14.9+~1.14.1-1ubuntu0.1~esm1"}]}],"versions":["1.13.1-1","1.14.5-1","1.14.7+~1.13.1-1","1.14.8+~1.14.0-1","1.14.9+~1.14.1-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-follow-redirects","binary_version":"1.14.9+~1.14.1-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8217-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-26159"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-28849"}]}}}],"schema_version":"1.7.5"}