CVE-2022-0155: Cookie header not cleared upon cross-domain redirect #4378

Closed
mateusbandeiraa opened this issue Jan 12, 2022 · 3 comments

Comments


mateusbandeiraa commented Jan 12, 2022

Describe the bug

Axios depends on follow-redirects version 1.14.4.

There's a CVE that allows cookie exposure through redirects (described here). This CVE was fixed in follow-redirects v1.14.17.

To Reproduce

Run a vulnerability scan

Expected behavior

Depend on follow-redirects v1.14.17 or later.

Environment

Additional context/Screenshots

Related: follow-redirects/follow-redirects#183
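The behaviour named in the issue title, seen from the mitigation side, as an added example that is not axios or follow-redirects code: a redirect follower should drop credential-bearing headers once a hop leaves the original site. The function names, the header list, the sample URLs and the choice to treat any change of origin as cross-domain are assumptions made for this illustration.

```javascript
// Headers that carry credentials and should not follow a redirect off-site.
// (Assumed list for this example.)
const SENSITIVE_HEADERS = new Set(['cookie', 'authorization', 'proxy-authorization']);

function stripSensitive(headers) {
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!SENSITIVE_HEADERS.has(name.toLowerCase())) kept[name] = value;
  }
  return kept;
}

// Headers to send to `location`, given that the request to `currentUrl` carried `headers`.
function headersForRedirect(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // a Location value may be relative
  // Assumption: any change of scheme, host or port counts as cross-domain.
  const next = from.origin === to.origin ? { ...headers } : stripSensitive(headers);
  return { url: to.href, headers: next };
}

// Replays a chain of Location values and records what each hop would receive.
// Headers dropped on one hop stay dropped for the rest of the chain.
function replayRedirectChain(startUrl, locations, headers) {
  const hops = [{ url: new URL(startUrl).href, headers: { ...headers } }];
  for (const location of locations) {
    const prev = hops[hops.length - 1];
    hops.push(headersForRedirect(prev.url, location, prev.headers));
  }
  return hops;
}

// Constructed sample chain; the .example hosts and cookie value are placeholders.
const sampleHops = replayRedirectChain(
  'https://app.example/login',
  ['/home', 'https://other.example/landing', 'https://app.example/back'],
  { Cookie: 'session=constructed-value', Accept: 'application/json' }
);
for (const hop of sampleHops) {
  console.log(hop.url, '->', Object.keys(hop.headers).join(', '));
}
```
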

@github-actions
Contributor

Hello! 👋

This issue is being automatically closed because it does not follow the issue template. Please read the issue template carefully and follow all of the instructions when opening a new issue.

Thanks

@mateusbandeiraa
Author

@jasonsaayman I edited the original issue. Can we reopen this instead of creating a duplicate?

@mateusbandeiraa
Author

#4379 addresses this issue.
