npm package
@isomorphic-git/cors-proxy
pkg:npm/%40isomorphic-git/cors-proxy
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23664 | Hig | 8.6 | < 2.7.1 | 2.7.1 | Jan 21, 2022 | The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. |
- affected < 2.7.1fixed 2.7.1
The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.