Vulnerability in follow-redirects (!1197) · Merge requests · Arkindex / Frontend

Erwan Rouchet requested to merge vuln-follow-redirects into master Feb 21, 2022

https://github.com/advisories/GHSA-pw2r-vq6v-hr8c

Redirecting from https://arkindex.teklia.com to http://arkindex.teklia.com could cause the Authorization header to be sent unencrypted via Axios. We don't redirect, we don't HTTP, and we do not only use the Authorization header since the CSRF token is required.

Edited Feb 21, 2022 by Erwan Rouchet

Vulnerability in follow-redirects

Merge request reports