Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-0536 (Low) detected in follow-redirects-1.14.7.tgz #1238

Closed
mend-for-github-com bot opened this issue Feb 11, 2022 · 0 comments · Fixed by #1247
Closed

CVE-2022-0536 (Low) detected in follow-redirects-1.14.7.tgz #1238

mend-for-github-com bot opened this issue Feb 11, 2022 · 0 comments · Fixed by #1247
Labels
cve Security vulnerabilities detected by Dependabot or Mend low severity Low severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0

Comments

@mend-for-github-com
Copy link

CVE-2022-0536 - Low Severity Vulnerability

Vulnerable Library - follow-redirects-1.14.7.tgz

HTTP and HTTPS modules that follow redirects.

Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.7.tgz

Dependency Hierarchy:

  • chromedriver-91.0.1.tgz (Root Library)
    • axios-0.21.4.tgz
      • follow-redirects-1.14.7.tgz (Vulnerable Library)

Found in HEAD commit: f981b395344845e11576612d79b0605424b6b31d

Found in base branch: main

Vulnerability Details

Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.

Publish Date: 2022-02-09

URL: CVE-2022-0536

CVSS 3 Score Details (2.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0536

Release Date: 2022-02-09

Fix Resolution: follow-redirects - 1.14.8
@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Feb 11, 2022
@tmarkley tmarkley added low severity Low severity CVE cve Security vulnerabilities detected by Dependabot or Mend labels Feb 11, 2022
@tmarkley tmarkley mentioned this issue Feb 16, 2022
Merged
@tmarkley tmarkley linked a pull request Feb 16, 2022 that will close this issue
Bump follow-redirects from 1.14.7 to 1.14.8 #1247
Merged
@ZilongX ZilongX mentioned this issue Oct 22, 2022
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cve Security vulnerabilities detected by Dependabot or Mend low severity Low severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump follow-redirects from 1.14.7 to 1.14.8 opensearch-project/OpenSearch-Dashboards
1 participant
@tmarkley