漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Follow Redirects 安全漏洞
Vulnerability Description
Follow Redirects是一个自动遵循 Http(s) 重定向的 Node.js 模块。 Follow Redirects 1.15.4之前版本存在安全漏洞,该漏洞源于url.parse()函数对 URL 的处理不当。攻击者利用该漏洞将流量重定向到恶意站点,从而可能导致信息泄露、网络钓鱼攻击或其他安全漏洞。
CVSS Information
N/A
Vulnerability Type
N/A