Skip to content
This repository has been archived by the owner on Jan 20, 2024. It is now read-only.

Request: Deprecated & Security Issue #158

Open
paulhayeswb opened this issue Apr 24, 2023 · 0 comments
Open

Request: Deprecated & Security Issue #158

paulhayeswb opened this issue Apr 24, 2023 · 0 comments

Comments

@paulhayeswb
Copy link

The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant