VYPR

npm package

cors-anywhere

pkg:npm/cors-anywhere

Vulnerabilities (1)

  • CVE-2020-36851CriSep 25, 2025
    affected <= 0.4.4

    Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local me