CVE-2023-26159

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-26159

Severity

6.1

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26159
https://github.com/advisories/GHSA-jchw-25xp-jwwc
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/
https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
https://security.netapp.com/advisory/ntap-20241108-0002/
https://github.com/follow-redirects/follow-redirects/issues/235
https://github.com/follow-redirects/follow-redirects/pull/236

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-26159

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company