Security Advisories

CGA-qqwm-8ppm-96fx

Published

Last updated

https://images.chainguard.dev/security/CGA-qqwm-8ppm-96fx
Package

nodejs-14

Latest Update
Fixed
Fixed Version

14.21.3-r1

Aliases
  • CVE-2023-28155
  • GHSA-p8p7-x288-28g6

Severity

6.1

Medium

CVSS V3

Summary

Server-Side Request Forgery in Request

Description

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).

NOTE: The request package is no longer supported by the maintainer.

References

Updates

