Lucene search

CVE-2023-28155

🗓️ 16 Mar 2023 15:11:15Reported by mitreType

The Request package for Node.js allows SSRF bypass via cross-protocol redirec

Reporter	Title	Published	Views	Family All 37
IBM Security Bulletins	Security Bulletin: Decision Optimization for Cloud Pak for Data is vulnerable to a server-side request forgery (CVE-2023-28155).	1 Aug 202316:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js Request module denial of service vulnerabilitiy [ CVE-2023-28155]	18 Jul 202314:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155	9 Sep 202408:12	–	ibm
IBM Security Bulletins	Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to Node.js Request module (CVE-2023-28155)	18 May 202312:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Node.js request affects IBM Cloud Pak System[CVE-2023-28155]	1 Aug 202413:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to server-side request forgery due to [CVE-2023-28155]	27 Jul 202315:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a server-side request forgery due to Node.js Request module (CVE-2023-28155).	30 Jun 202314:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)	1 Aug 202316:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Edge Application Manager 4.5.2 addresses the security vulnerabilities listed in the CVEs below.	31 Aug 202316:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	26 May 202314:13	–	ibm

Nvd

Node

request_project requestRange≤2.88.1node.js

Source	Link
doyensec	www.doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
github	www.github.com/request/request/pull/3444
github	www.github.com/request/request/issues/3442
security	www.security.netapp.com/advisory/ntap-20230413-0007/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Mar 2023 15:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS36.1

EPSS0.00117

CWE-918