Описание
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Ссылки
- ExploitPatchTechnical DescriptionThird Party Advisory
- ExploitIssue TrackingPatchTechnical DescriptionVendor Advisory
- Patch
- ExploitPatchTechnical DescriptionThird Party Advisory
- ExploitIssue TrackingPatchTechnical DescriptionVendor Advisory
- Patch
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
Уязвимость пакета Request программной платформы Node.js, позволяющая нарушителю осуществить SSRF-атаку
EPSS
6.1 Medium
CVSS3