All vulnerabilities
CVE-2023-26159
Follow Redirects improperly handles URLs in the url.parse() function
Description
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
6.1
Severity
Medium
Ecosystem
JavaScript
Publish Date
January 2, 2024
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Versions

