GoogleOSV:GHSA-P8P7-X288-28G6Server-Side Request Forgery in Request
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
41.4%
The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
NOTE: The request package is no longer supported by the maintainer.
| CPE | Name | Operator | Version |
|---|---|---|---|
| request | le | 2.88.2 | |
| @cypress/request | lt | 3.0.0 |
References
doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
github.com/cypress-io/request/blob/master/lib/redirect.js#L116
github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f
github.com/cypress-io/request/pull/28
github.com/cypress-io/request/releases/tag/v3.0.0
github.com/github/advisory-database/pull/2500
github.com/request/request
github.com/request/request/blob/master/lib/redirect.js#L111
github.com/request/request/issues/3442
github.com/request/request/pull/3444
nvd.nist.gov/vuln/detail/CVE-2023-28155
security.netapp.com/advisory/ntap-20230413-0007
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
41.4%