GHSA-x565-32qp-m3vf

Suggest an improvement
Source
https://github.com/advisories/GHSA-x565-32qp-m3vf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-x565-32qp-m3vf/GHSA-x565-32qp-m3vf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x565-32qp-m3vf
Published
2024-04-11T21:30:30Z
Modified
2024-04-11T21:30:31Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
phin may include sensitive headers in subsequent requests after redirect
Details

Impact

Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled.

Patches

The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.

Workarounds

N/A. Please update to resolve the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2024-04-11T21:30:30Z",
    "nvd_published_at": null,
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

npm / phin

Package

Name
phin
View open source insights on deps.dev
Purl
pkg:npm/phin

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-x565-32qp-m3vf/GHSA-x565-32qp-m3vf.json"