What is the severity of CVE-2023-26159?

CVE-2023-26159 has been classified as a moderate severity vulnerability due to its potential for phishing attacks.

How do I fix CVE-2023-26159?

To fix CVE-2023-26159, upgrade the follow-redirects package to version 1.15.4 or later.

What does CVE-2023-26159 affect?

CVE-2023-26159 affects the follow-redirects package versions prior to 1.15.4 and certain versions of IBM Cognos Controller.

Can CVE-2023-26159 be exploited remotely?

Yes, CVE-2023-26159 can be exploited remotely by an attacker using a specially crafted URL to redirect users.

What type of vulnerability is CVE-2023-26159?

CVE-2023-26159 is classified as an open redirect vulnerability.

Vulnerability/
CVE-2023-26159

high

7.3

CWE

20 601

2/1/2024

20/2/2025

CVE-2023-26159: Input Validation

First published: Tue Jan 02 2024(Updated: )

follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.

Credit: report@snyk.io

Affected Software	Affected Version	How to fix
npm/follow-redirects	<1.15.4	1.15.4
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query with Cloud Pak for Data	<=2.2
IBM Watson Query with Cloud Pak for Data	<=2.1
IBM Watson Query with Cloud Pak for Data	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7
follow-redirects	<1.15.4

Remedy

https://github.com/follow-redirects/follow-redirects/pull/236

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183851

Frequently Asked Questions

What is the severity of CVE-2023-26159?
CVE-2023-26159 has been classified as a moderate severity vulnerability due to its potential for phishing attacks.
How do I fix CVE-2023-26159?
To fix CVE-2023-26159, upgrade the follow-redirects package to version 1.15.4 or later.
What does CVE-2023-26159 affect?
CVE-2023-26159 affects the follow-redirects package versions prior to 1.15.4 and certain versions of IBM Cognos Controller.
Can CVE-2023-26159 be exploited remotely?
Yes, CVE-2023-26159 can be exploited remotely by an attacker using a specially crafted URL to redirect users.
What type of vulnerability is CVE-2023-26159?
CVE-2023-26159 is classified as an open redirect vulnerability.

agent/type
agent/first-publish-date
agent/weakness
agent/remedy
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-jchw-25xp-jwwc
alias/CVE-2023-26159
agent/software-canonical-lookup
collector/github-advisory
agent/severity
agent/description
agent/trending
agent/source
collector/redhat-bugzilla
source/Red Hat
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
agent/author
agent/references
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
package-manager/npm
vendor/follow-redirects
canonical/follow-redirects
vendor/ibm
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query with cloud pak for data
version/ibm watson query with cloud pak for data/2.2
version/ibm watson query with cloud pak for data/2.1
version/ibm watson query with cloud pak for data/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7