CGA-qhpw-vxjv-g4hr

Published

Last updated

https://images.chainguard.dev/security/CGA-qhpw-vxjv-g4hr

Package

opensearch-dashboards-2-fips

Latest Update

Fixed

Fixed Version

2.13.0-r0

Aliases

CVE-2023-26159
GHSA-jchw-25xp-jwwc

Severity

6.1

Medium

CVSS V3

Summary

Follow Redirects improperly handles URLs in the url.parse() function

Description

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26159
https://github.com/advisories/GHSA-jchw-25xp-jwwc
https://github.com/follow-redirects/follow-redirects/issues/235
https://github.com/follow-redirects/follow-redirects/pull/236
https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d
https://github.com/follow-redirects/follow-redirects
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM
https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-qhpw-vxjv-g4hr

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources