Описание
Server-Side Request Forgery in Request
The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
NOTE: The request package is no longer supported by the maintainer.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28155
- https://github.com/request/request/issues/3442
- https://github.com/cypress-io/request/pull/28
- https://github.com/github/advisory-database/pull/2500
- https://github.com/request/request/pull/3444
- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f
- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116
- https://github.com/cypress-io/request/releases/tag/v3.0.0
- https://github.com/request/request/blob/master/lib/redirect.js#L111
- https://security.netapp.com/advisory/ntap-20230413-0007
Пакеты
request
<= 2.88.2
Отсутствует
@cypress/request
<= 2.88.12
3.0.0
Связанные уязвимости
** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
Уязвимость пакета Request программной платформы Node.js, позволяющая нарушителю осуществить SSRF-атаку