[USN-8217-1] follow-redirects vulnerabilities

========================================================================== Ubuntu Security Notice USN-8217-1 April 28, 2026 node-follow-redirects vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in follow-redirects. Software Description: - node-follow-redirects: Node.js module that automatically follows HTTP(S) redirects Details: It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0155) It was discovered that follow-redirects did not properly remove sensitive information before storage or transfer. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0536) It was discovered that follow-redirects did not properly validate URLs when handling certain inputs. An attacker could possibly use this issue to redirect users to a malicious site, resulting in information disclosure or phishing attacks. (CVE-2023-26159) It was discovered that follow-redirects did not properly clear proxy authentication headers during cross-domain redirects. An attacker could possibly use this issue to cause exposure of sensitive credentials. (CVE-2024-28849) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS node-follow-redirects 1.14.9+~1.14.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS node-follow-redirects 1.2.4-1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS node-follow-redirects 1.2.4-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8217-1 CVE-2022-0155, CVE-2022-0536, CVE-2023-26159, CVE-2024-28849