GHSA-x565-32qp-m3vf: phin may include sensitive headers in subsequent requests after redirect

April 11, 2024

Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled.

References

github.com/advisories/GHSA-x565-32qp-m3vf
github.com/ethanent/phin
github.com/ethanent/phin/commit/c071f95336a987dad9332fd388adeb249925cc57
github.com/ethanent/phin/security/advisories/GHSA-x565-32qp-m3vf

Detect and mitigate GHSA-x565-32qp-m3vf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →