Moderate severityNVD Advisory· Published Jan 2, 2024· Updated Nov 3, 2025
CVE-2023-26159
CVE-2023-26159
Description
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
follow-redirectsnpm | < 1.15.4 | 1.15.4 |
Affected products
82- follow-redirects/follow-redirectsdescription
- osv-coords81 versionspkg:apk/chainguard/configurable-http-proxypkg:apk/chainguard/kibana-7pkg:apk/chainguard/kibana-7.17pkg:apk/chainguard/kibana-7-bitnamipkg:apk/chainguard/kubeflow-centraldashboardpkg:apk/chainguard/kubeflow-pipelinespkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-pipelines-cache-deployerpkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compatpkg:apk/chainguard/kubeflow-pipelines-cache_serverpkg:apk/chainguard/kubeflow-pipelines-frontendpkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-configpkg:apk/chainguard/kubeflow-pipelines-metadata-writerpkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compatpkg:apk/chainguard/kubeflow-pipelines-persistence_agentpkg:apk/chainguard/kubeflow-pipelines-scheduledworkflowpkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controllerpkg:apk/chainguard/lernapkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/configurable-http-proxypkg:apk/wolfi/kubeflow-centraldashboardpkg:apk/wolfi/kubeflow-pipelinespkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-pipelines-cache-deployerpkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compatpkg:apk/wolfi/kubeflow-pipelines-cache_serverpkg:apk/wolfi/kubeflow-pipelines-frontendpkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-configpkg:apk/wolfi/kubeflow-pipelines-metadata-writerpkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compatpkg:apk/wolfi/kubeflow-pipelines-persistence_agentpkg:apk/wolfi/kubeflow-pipelines-scheduledworkflowpkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controllerpkg:apk/wolfi/lernapkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:npm/follow-redirects
< 4.6.1-r1+ 80 more
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 7.17.24-r0
- (no CPE)range: < 7.17.29-r0
- (no CPE)range: < 7.17.24-r0
- (no CPE)range: < 1.8.0-r1
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 8.0.2-r0
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 1.8.0-r1
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 2.0.5-r2
- (no CPE)range: < 8.0.2-r0
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 1.15.4
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-jchw-25xp-jwwcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26159ghsaADVISORY
- github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19dghsaWEB
- github.com/follow-redirects/follow-redirects/issues/235ghsaWEB
- github.com/follow-redirects/follow-redirects/pull/236ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XMghsaWEB
- security.netapp.com/advisory/ntap-20241108-0002ghsaWEB
- security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/mitre
News mentions
0No linked articles in our index yet.