GHSA-x565-32qp-m3vf

Source
https://github.com/advisories/GHSA-x565-32qp-m3vf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-x565-32qp-m3vf/GHSA-x565-32qp-m3vf.json
Published
2024-04-11T21:30:30Z
Modified
2024-04-11T21:30:31Z
Summary
phin may include sensitive headers in subsequent requests after redirect
Details

Impact

Users may be impacted if they send requests that include sensitive data in specific headers with `followRedirects` enabled.

Patches

The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.
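
The kind of header filtering described above, as an added sketch that is not code from phin or follow-redirects. The header list, the "origin changed" rule, the function names and the sample URLs and token are assumptions made for illustration; the advisory does not state which headers are removed or when.

```javascript
// Assumed set of credential-bearing headers (not taken from the advisory).
const SENSITIVE_HEADERS = ['authorization', 'proxy-authorization', 'cookie'];

// Compute the target URL and the headers that are safe to send on the
// request that follows a redirect. Hypothetical helper.
function headersForRedirect(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // Location may be relative
  // Origin covers scheme, host and port, so an https -> http downgrade
  // on the same host also counts as a change.
  const originChanged = to.origin !== from.origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (lower === 'host') continue; // must be recomputed for the new target
    if (originChanged && SENSITIVE_HEADERS.includes(lower)) continue;
    out[name] = value;
  }
  return { url: to.href, headers: out };
}

// Walk a list of Location values, carrying the filtered headers forward so
// that a credential dropped at one hop is not re-sent at a later hop.
function simulateChain(startUrl, headers, locations) {
  let state = { url: startUrl, headers };
  const trace = [state];
  for (const loc of locations) {
    state = headersForRedirect(state.url, loc, state.headers);
    trace.push(state);
  }
  return trace;
}

// Constructed sample input: same-origin hop, cross-origin hop, hop back.
const sampleTrace = simulateChain(
  'https://api.example.test/v1/me',
  { Authorization: 'Bearer constructed-token', Cookie: 'sid=constructed', Accept: 'application/json' },
  ['/v2/me', 'https://cdn.example.net/me', 'https://api.example.test/v2/me']
);

for (const hop of sampleTrace) {
  console.log(hop.url, Object.keys(hop.headers).join(', '));
}
```
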

Workarounds

N/A. Please update to resolve the issue.

References

Affected packages

npm / phin

Package

Name
phin

Affected ranges

Type
SEMVER
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.7.1