Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 22.04 LTS USN-8217-1 node-follow-redirects Moderate Risk Data Leak

ubuntu
Calendar Grey April 28, 2026
Dist Ubuntu Esm H88
Security issues in node-follow-redirects fixed for Ubuntu LTS releases due to potential data exposure risks.
Several security issues were fixed in follow-redirects.

Summary

Several security issues were fixed in follow-redirects.

Software Description:

- node-follow-redirects: Node.js module that automatically follows HTTP(S) redirects

Details:

It was discovered that follow-redirects did not properly protect sensitive

user information during redirects. An attacker could possibly use this

issue to expose sensitive information. This issue only affected Ubuntu

18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0155)

It was discovered that follow-redirects did not properly remove sensitive

information before storage or transfer. An attacker could possibly use this

issue to expose sensitive information. This issue only affected Ubuntu

18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0536)

It was discovered that follow-redirects did not properly validate URLs when

handling certain inputs. An attacker could possibly use this issue to

redirect users to a malicious site, resulting in information disclosure or

phishing attacks. (CVE-2023-26159)

It was discovered that follo...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate Ubuntu sensitive information attack exposure node-follow-redirects

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  node-follow-redirects           1.14.9+~1.14.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  node-follow-redirects           1.2.4-1ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  node-follow-redirects           1.2.4-1ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8217-1

CVE-2022-0155, CVE-2022-0536, CVE-2023-26159, CVE-2024-28849

Severity
medium
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8217-1

Topics%20covered

Topics Covered

security advisory moderate Ubuntu sensitive information attack exposure node-follow-redirects

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here