VYPR
Moderate severityNVD Advisory· Published Jan 2, 2024· Updated Nov 3, 2025

CVE-2023-26159

CVE-2023-26159

Description

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
follow-redirectsnpm
< 1.15.41.15.4

Affected products

82

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.