{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T12:43:03.954","vulnerabilities":[{"cve":{"id":"CVE-2022-24719","sourceIdentifier":"security-advisories@github.com","published":"2022-03-01T21:15:07.923","lastModified":"2024-11-21T06:50:56.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2."},{"lang":"es","value":"Fluture-Node es una utilidad HTTP y de streaming de estilo FP para Node basada en Fluture. Usando \"followRedirects\" o \"followRedirectsWith\" con cualquiera de las estrategias de redireccionamiento incorporadas en fluture-node versiones 4.0.0 o 4.0. 1, junto con una petición que incluya encabezados confidenciales como Authorization o Cookie, le expone a una vulnerabilidad en la que, si el servidor de destino redirigiera la petición a un servidor en un dominio de terceros, o al mismo dominio a través de HTTP sin cifrar, los encabezados podrían ser incluidos en la petición de seguimiento y quedarían expuestas a terceros, o a un potencial husmeo del tráfico http. Las estrategias de redireccionamiento disponibles en la versión 4.0.2 redactan automáticamente los encabezados confidenciales cuando es seguido un redireccionamiento a otro origen. Se ha identificado una medida de mitigación mediante el uso de una estrategia de redireccionamiento personalizada por medio de la función \"followRedirectsWith\". La estrategia personalizada puede basarse en las nuevas estrategias disponibles en fluture-node@4.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fluture-node_project:fluture-node:4.0.0:*:*:*:*:node.js:*:*","matchCriteriaId":"9E134C6B-520E-4721-92D9-C128A97DD5D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:fluture-node_project:fluture-node:4.0.1:*:*:*:*:node.js:*:*","matchCriteriaId":"EDE49B85-4FA8-45EE-8C14-47E835A658D9"}]}]}],"references":[{"url":"https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/psf/requests/pull/4718","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/psf/requests/pull/4718","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}