phin may include sensitive headers in subsequent requests after redirect
Moderate severity
GitHub Reviewed
Published
Apr 11, 2024
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published to the GitHub Advisory Database
Apr 11, 2024
Reviewed
Apr 11, 2024
Last updated
Apr 11, 2024
Impact
Users may be impacted if sending requests including sensitive data in specific headers with
followRedirectsenabled.Patches
The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.
Workarounds
N/A. Please update to resolve the issue.
References