Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-28155

Опубликовано: 16 мар. 2023
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Cryostat 4cryostat/cryostat-openshift-console-plugin-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Not affected
OpenShift Serverlessopenshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8Not affected
Red Hat build of Apicurio Registry 2io.apicurio-apicurio-registryNot affected
Red Hat Ceph Storage 7arrowAffected
Red Hat Ceph Storage 7pybindAffected
Red Hat Ceph Storage 7thriftAffected
Red Hat Ceph Storage 8arrowAffected
Red Hat Ceph Storage 8pybindAffected
Red Hat Ceph Storage 8thriftAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-918
https://bugzilla.redhat.com/show_bug.cgi?id=2389923request: bypass of SSRF mitigations when following a cross-protocol redirect

EPSS

Процентиль: 67%
0.0054
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-28155

CVSS3: 6.1
ubuntu
больше 2 лет назад

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

nvd логотип

CVE-2023-28155

CVSS3: 6.1
nvd
больше 2 лет назад

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

msrc логотип

CVE-2023-28155

CVSS3: 6.1
msrc
больше 2 лет назад

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

debian логотип

CVE-2023-28155

CVSS3: 6.1
debian
больше 2 лет назад

The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...

github логотип

GHSA-p8p7-x288-28g6

CVSS3: 6.1
github
больше 2 лет назад

Server-Side Request Forgery in Request

EPSS

Процентиль: 67%
0.0054
Низкий

6.1 Medium

CVSS3