CVE-2022-0155
Publication date 10 January 2022
Last updated 26 August 2025
Ubuntu priority
Description
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| node-follow-redirects | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.0 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References
Other references
- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
- https://github.com/follow-redirects/follow-redirects/issues/183
- https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
- https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
- https://www.cve.org/CVERecord?id=CVE-2022-0155