VYPR
Moderate severityNVD Advisory· Published Mar 16, 2023· Updated Aug 2, 2024

CVE-2023-28155

CVE-2023-28155

Description

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
requestnpm
<= 2.88.2
@cypress/requestnpm
< 3.0.03.0.0

Affected products

53

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.