The vulnerability in follow-redirects can expose sensitive custom authentication headers during cross-domain redirects, creating a serious risk for applications that rely on headers such as X-API-Key or X-Auth-Token. Since this package is commonly used indirectly through libraries like axios in Node.js environments, the impact can be broader than many developers expect. Users should upgrade to follow-redirects 1.16.0 or later as soon as possible.
CVE Report
CVE Link