CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects
First published: Mon Jan 10 2022(Updated: )
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Credit: security@huntr.dev security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovirt-web-ui | <0:1.9.2-1.el8e | 0:1.9.2-1.el8e |
| Follow-redirects Project Follow-redirects | <1.14.7 | |
| Siemens Sinec Ins | <1.0 | |
| Siemens Sinec Ins | =1.0 | |
| Siemens Sinec Ins | =1.0-sp1 | |
| npm/follow-redirects | <1.14.7 | 1.14.7 |
| redhat/follow-redirects | <1.14.9 | 1.14.9 |
| IBM Cloud Pak for Business Automation | <=V23.0.1 - V23.0.1-IF002 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF024 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixesV22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes |
Remedy
https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-0155 https://nvd.nist.gov/vuln/detail/CVE-2022-0155 https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/
- https://bugzilla.redhat.com/show_bug.cgi?id=2044556
- https://access.redhat.com/errata/RHSA-2022:0595
- https://access.redhat.com/errata/RHSA-2022:1083
- https://access.redhat.com/errata/RHSA-2022:1715
- https://access.redhat.com/errata/RHSA-2022:8502
- https://access.redhat.com/security/cve/cve-2022-0155
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
- https://nvd.nist.gov/vuln/detail/CVE-2022-0155
- https://github.com/advisories/GHSA-74fj-2j2h-c42q (Advisory)
- https://access.redhat.com/errata/RHSA-2022:0856
- https://access.redhat.com/errata/RHSA-2022:1476
- https://access.redhat.com/errata/RHSA-2022:1681
- https://exchange.xforce.ibmcloud.com/vulnerabilities/216974
- https://www.ibm.com/support/pages/node/7047198
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2022-0155?
CVE-2022-0155 is a vulnerability that allows a remote attacker to obtain sensitive information by sending a specially-crafted request.
How does CVE-2022-0155 affect the follow-redirects package?
CVE-2022-0155 affects the follow-redirects package, allowing a remote attacker to obtain sensitive information.
How can an attacker exploit CVE-2022-0155?
An attacker can exploit CVE-2022-0155 by sending a specially-crafted request to obtain private personal information.
What is the severity of CVE-2022-0155?
CVE-2022-0155 has a severity rating of high.
How can I fix CVE-2022-0155 in the follow-redirects package?
To fix CVE-2022-0155 in the follow-redirects package, update to version 1.14.9 or later.
- collector/redhat-cve
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-74fj-2j2h-c42q
- alias/CVE-2022-0155
- collector/nvd-cve
- collector/github-advisory
- agent/author
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/follow-redirects project
- canonical/follow-redirects project follow-redirects
- vendor/siemens
- canonical/siemens sinec ins
- version/siemens sinec ins/1.0
- version/siemens sinec ins/1.0-sp1
- package-manager/npm