CVE-2023-28155

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-28155

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28155.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28155

Aliases

GHSA-p8p7-x288-28g6

Related

Published

2023-03-16T15:15:11Z

Modified

2025-02-19T03:31:33.755102Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Debian:11 / node-request

Package

Name: node-request
Purl: pkg:deb/debian/node-request?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.88.1-5

2.88.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-request

Package

Name: node-request
Purl: pkg:deb/debian/node-request?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.88.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/request/request

Affected ranges

Type: GIT
Repo: https://github.com/request/request
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8162961dfdb73dc35a5a4bfeefb858c2ed2ccbb7

Affected versions

v1.*

v1.2.0

v2.*

v2.17.0

v2.18.0

v2.18.1

v2.19.0

v2.19.1

v2.20.0

v2.20.1

v2.21.0

v2.21.1

v2.22.0

v2.22.1

v2.23.0

v2.23.1

v2.24.0

v2.24.1

v2.25.0

v2.25.1

v2.26.0

v2.26.1

v2.27.0

v2.27.1

v2.28.0

v2.28.1

v2.29.0

v2.29.1

v2.30.0

v2.30.1

v2.31.0

v2.31.1

v2.32.0

v2.32.1

v2.33.0

v2.33.1

v2.34.0

v2.34.1

v2.35.0

v2.35.1

v2.36.0

v2.36.1

v2.37.0

v2.37.1

v2.38.0

v2.38.1

v2.39.0

v2.39.1

v2.40.0

v2.40.1

v2.41.0

v2.41.1

v2.42.0

v2.42.1

v2.43.0

v2.43.1

v2.44.0

v2.44.1

v2.45.0

v2.45.1

v2.46.0

v2.46.1

v2.47.0

v2.47.1

v2.48.0

v2.48.1

v2.49.0

v2.49.1

v2.50.0

v2.50.1

v2.51.0

v2.51.1

v2.52.0

v2.52.1

v2.53.0

v2.53.1

v2.54.0

v2.54.1

v2.55.0

v2.55.1

v2.56.0

v2.56.1

v2.57.0

v2.57.1

v2.58.0

v2.58.1

v2.59.0

v2.59.1

v2.60.0

v2.60.1

v2.61.0

v2.61.1

v2.62.0

v2.62.1

v2.63.0

v2.63.1

v2.64.0

v2.64.1

v2.65.0

v2.65.1

v2.66.0

v2.66.1

v2.67.0

v2.67.1

v2.68.0

v2.68.1

v2.70.0

v2.70.1

v2.71.0

v2.71.1

v2.72.0

v2.72.1

v2.73.0

v2.73.1

v2.74.0

v2.74.1

v2.75.0

v2.75.1

v2.76.0

v2.76.1

v2.77.0

v2.77.1

v2.78.0

v2.78.1

v2.79.0

v2.79.1

v2.80.0

v2.80.1

v2.81.0

v2.81.1

v2.82.0

v2.82.1

v2.83.0

v2.83.1

v2.84.0

v2.84.1

v2.85.0

v2.85.1

v2.86.0

v2.86.1

v2.87.0

v2.87.1

v2.88.0

v2.88.1