Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-28849
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-14 Mar, 2024 | 17:15
Updated At-05 Dec, 2025 | 15:45

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
follow-redirects_project
follow-redirects_project
>>follow-redirects>>Versions before 1.15.6(exclusive)
cpe:2.3:a:follow-redirects_project:follow-redirects:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-advisories@github.com
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fetch.spec.whatwg.org/#authentication-entriessecurity-advisories@github.com
Technical Description
https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649bsecurity-advisories@github.com
Patch
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfpsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/psf/requests/issues/1885security-advisories@github.com
Issue Tracking
https://hackerone.com/reports/2390009security-advisories@github.com
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/security-advisories@github.com
Mailing List
Third Party Advisory
https://fetch.spec.whatwg.org/#authentication-entriesaf854a3a-2127-422b-91ae-364da2661108
Technical Description
https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649baf854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfpaf854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
https://github.com/psf/requests/issues/1885af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://hackerone.com/reports/2390009af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
Hyperlink: https://fetch.spec.whatwg.org/#authentication-entries
Source: security-advisories@github.com
Resource:
Technical Description
Hyperlink: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/psf/requests/issues/1885
Source: security-advisories@github.com
Resource:
Issue Tracking
Hyperlink: https://hackerone.com/reports/2390009
Source: security-advisories@github.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/
Source: security-advisories@github.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://fetch.spec.whatwg.org/#authentication-entries
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Technical Description
Hyperlink: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/psf/requests/issues/1885
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://hackerone.com/reports/2390009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Change History
0Changes found
Details not found