Dependabot Alert: Follow Redirects improperly handles URLs in the url.parse() function #163

JennaySDavis · 2024-01-12T15:05:34Z

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

JennaySDavis · 2024-01-29T19:40:42Z

#163 Acceptance Criteria

Pass/Fail	Description
Pass	Execute Search; sam.gov returns results to 889 Tool

Comments/Additional Notes
*A minor issue with aria labels was located, affecting the accessibility score. See https://github.com/orgs/GSA/projects/116/views/3?pane=issue&itemId=51527311

ADA Compliance (Automated scan via Chrome Lighthouse)

Criteria	Score
Performance	95
Accessibility	96
Best Practices	93

Passed 01/29/2024 - JSD

LoraBradford · 2024-02-01T16:08:47Z

Reviewed 889 tool, did not see any issues. Story #185 will fix the accessibility score. Thank you! Moving to done!

JennaySDavis added the Tech Task label Jan 12, 2024

felder101 added the Sprint 23 label Jan 29, 2024

JennaySDavis assigned johnbeallgsa and LoraBradford Jan 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot Alert: Follow Redirects improperly handles URLs in the url.parse() function #163

Dependabot Alert: Follow Redirects improperly handles URLs in the url.parse() function #163

JennaySDavis commented Jan 12, 2024

JennaySDavis commented Jan 29, 2024

LoraBradford commented Feb 1, 2024