Node.js · follow-redirects · CVE-2023-26159
**Name of the Vulnerable Software and Affected Versions**
follow-redirects versions prior to 1.15.4
**Description**
The issue stems from improper handling of URLs by the `url.parse()` function in the follow-redirects module for Node.js. When `new URL()` throws an error, the URL handling can be manipulated into misinterpreting the hostname. A remote attacker can exploit this to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
**Recommendations**
For versions prior to 1.15.4, update to version 1.15.4 or later to resolve the issue.
As a temporary workaround until the update is applied, consider restricting the use of the `url.parse()` function.
Avoid using the `new URL()` function with untrusted input until the issue is resolved.
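To act on the update recommendation, the following added example (not code from the follow-redirects project) lists every copy of follow-redirects below 1.15.4 recorded in an npm lockfile, including nested copies pulled in by other packages. The sample lockfiles are constructed, and the package names `example-client` and `example-proxy` are hypothetical.

```javascript
// Added example: list follow-redirects copies below the fixed release in an npm lockfile.
const PACKAGE = 'follow-redirects';
const FIXED = '1.15.4'; // fixed version stated in the advisory
// True when `version` sorts before `fixed` (numeric major.minor.patch comparison).
function isBelow(version, fixed) {
  const core = (v) => v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  const [a, b] = [core(version), core(fixed)];
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  // Same numbers: a pre-release such as 1.15.4-beta.1 still precedes 1.15.4.
  return version.split('+')[0].includes('-');
}

function findVulnerable(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && typeof meta.version === 'string' && isBelow(meta.version, FIXED)) {
      hits.push({ path, version: meta.version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${PACKAGE}`)) check(path, meta);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE) check(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles; "example-client" and "example-proxy" are hypothetical packages.
const sampleV3 = { lockfileVersion: 3, packages: {
  'node_modules/follow-redirects': { version: '1.15.3' },
  'node_modules/example-proxy/node_modules/follow-redirects': { version: '1.15.6' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'example-client': { version: '2.0.0', dependencies: { 'follow-redirects': { version: '1.14.9' } } },
} };
console.log(findVulnerable(sampleV3), findVulnerable(sampleV1));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findVulnerable`.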