{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T01:16:29.376","vulnerabilities":[{"cve":{"id":"CVE-2023-26159","sourceIdentifier":"report@snyk.io","published":"2024-01-02T05:15:08.630","lastModified":"2026-06-17T05:42:48.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches."},{"lang":"es","value":"Las versiones del paquete follow-redirects anteriores a la 1.15.4 son vulnerables a una validación de entrada incorrecta debido al manejo inadecuado de las URL por parte de la función url.parse(). Cuando la nueva URL() arroja un error, se puede manipular para malinterpretar el nombre de host. Un atacante podría aprovechar esta debilidad para redirigir el tráfico a un sitio malicioso, lo que podría provocar la divulgación de información, ataques de phishing u otras violaciones de seguridad."}],"affected":[{"source":"report@snyk.io","affectedData":[{"vendor":"n/a","product":"follow-redirects","versions":[{"version":"0","lessThan":"1.15.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-09T18:34:28.261000Z","id":"CVE-2023-26159","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:follow-redirects:follow_redirects:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.15.4","matchCriteriaId":"5E9B14E8-F184-4F4C-8275-8FE1D093D258"}]}]}],"references":[{"url":"https://github.com/follow-redirects/follow-redirects/issues/235","source":"report@snyk.io","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/follow-redirects/follow-redirects/pull/236","source":"report@snyk.io","tags":["Issue Tracking","Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/follow-redirects/follow-redirects/issues/235","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/follow-redirects/follow-redirects/pull/236","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20241108-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}