Lucene search
K

325 matches found

OSV
OSV
added 2023/03/16 3:30 p.m.2 views

GHSA-P8P7-X288-28G6 Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

6.1CVSS6.9AI score0.00719EPSS
Exploits1References12
OSV
OSV
added 2023/03/16 3:15 p.m.7 views

AZL-44241 CVE-2023-28155 affecting package js-jquery 3.5.0-4

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.5AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/03/16 3:15 p.m.2 views

DEBIAN-CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.3AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/03/16 3:15 p.m.8 views

AZL-43444 CVE-2023-28155 affecting package js-jquery 3.5.0-4

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.5AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/03/16 3:15 p.m.7 views

AZL-25664 CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/03/16 3:15 p.m.3 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.7AI score0.00719EPSS
Exploits1References5
Prion
Prion
added 2023/03/16 3:15 p.m.27 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the...

5.8CVSS6.3AI score0.00719EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/03/16 3:15 p.m.5 views

UBUNTU-CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/03/16 3:15 p.m.34 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.3 views

PT-2023-4735

Name of the Vulnerable Software and Affected Versions Request package versions through 2.88.1 @cyprus/request package versions prior to 3.0.0 Description The issue is related to insufficient validation of incoming requests, allowing a remote attacker to bypass SSRF mitigations via an...

6.4CVSS6.8AI score0.00719EPSS
Exploits1References29
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.19 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.4AI score0.00719EPSS
Exploits1References4
CVE
CVE
added 2023/03/16 12:0 a.m.460 views

CVE-2023-28155

CVE-2023-28155 is a Server-Side Request Forgery (SSRF) bypass in the Node.js Request package (up to v2.88.1) that allows cross-protocol redirects (HTTP↔HTTPS) via an attacker-controlled server. IBM documents associate this CVE with multiple products (e.g., IBM Maximo AI Service, IBM watsonx Orche...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/03/16 12:0 a.m.32 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2023/03/16 12:0 a.m.34 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.4AI score0.00719EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.18 views

Debian: Security Advisory (DLA-1161-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.02147EPSS
Exploits0References2
OSV
OSV
added 2023/02/22 8:11 p.m.8 views

CLSA-2023-1677096675 Fix of 5 CVEs

SECURITY UPDATE: out-of-bounds write caused by integer overflow - debian/patches/CVE-2022-41903.patch: use 'sizet' instead of 'int' to track the string lengths and so allow 2GB input sizes. - CVE-2022-41903 - t-mark-submodule-clean-test-as-known-failure.patch: mark submodule clean test as known...

9.8CVSS7.5AI score0.44268EPSS
Exploits5References1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.35 views

K42378447: IPsec IKEv1 vulnerability CVE-2018-5389

Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...

5.9CVSS6.1AI score0.03038EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/17 4:26 p.m.51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.6 views

SUSE CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...

7.4CVSS6.9AI score0.02147EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...

5.9CVSS7AI score0.03038EPSS
Exploits1References3
Rows per page
Query Builder