Lucene search
K

17 matches found

redhatcve
redhatcve
added 2025/05/23 4:50 a.m.8 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.2AI score0.00719EPSS
Exploits1
nessus
nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker- controller server that does a cross-protocol redirect HTTP t...

6.1CVSS7AI score0.00719EPSS
Exploits1References3
cbl_mariner
cbl_mariner
added 2025/02/05 10:12 p.m.16 views

CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5

CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5. A patched version of the package is available...

6.1CVSS6.6AI score0.00719EPSS
Exploits1
ibm
ibm
added 2024/09/09 8:12 a.m.21 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155

Summary IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerab...

6.1CVSS6.5AI score0.00719EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/08/01 4:26 p.m.35 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)

Summary A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams CVE-2023-28155. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...

6.1CVSS6.1AI score0.00719EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/07/27 3:56 p.m.27 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to server-side request forgery due to [CVE-2023-28155]

Summary Node.js module Request is used by IBM App Connect Enterprise Certified Container operands for both internal and external HTTP calls. IBM App Connect Enterprise Certified Container operands are vulnerable to server-side request forgery. This bulletin provides patch information to address t...

6.1CVSS6.1AI score0.00719EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/07/18 2:2 p.m.43 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js Request module denial of service vulnerabilitiy [ CVE-2023-28155]

Summary Potential Node.js Request module denial of service vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-28155 Vulnerability Details...

6.1CVSS6.3AI score0.00719EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/06/30 2:12 p.m.25 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a server-side request forgery due to Node.js Request module (CVE-2023-28155).

Summary IBM App Connect Enterprise is vulnerable to a server-side request forgery due to Node.js Request module CVE-2023-28155. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass...

6.1CVSS6.2AI score0.00719EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/05/18 12:45 p.m.35 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to Node.js Request module (CVE-2023-28155)

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to Node.js Request module CVE-2023-28155. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. By sendi...

6.1CVSS6.2AI score0.00719EPSS
Exploits1Affected Software1
attackerkb
attackerkb
added 2023/03/16 3:15 p.m.3 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.7AI score0.00719EPSS
Exploits1References5
cgr
cgr
added 2023/03/16 3:15 p.m.39 views

CVE-2023-28155 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, kubeflow-centraldashboard, opensearch-dashboards-fips, py3-captum, kubeflow-pipelines...

6.1CVSS6.7AI score0.00719EPSS
Exploits1
wolfi
wolfi
added 2023/03/16 3:15 p.m.27 views

CVE-2023-28155 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines...

6.1CVSS6.3AI score0.00719EPSS
Exploits1
ubuntucve
ubuntucve
added 2023/03/16 3:15 p.m.34 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References4
cvelist
cvelist
added 2023/03/16 12:0 a.m.19 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.4AI score0.00719EPSS
Exploits1References4
cve
cve
added 2023/03/16 12:0 a.m.460 views

CVE-2023-28155

CVE-2023-28155 is a Server-Side Request Forgery (SSRF) bypass in the Node.js Request package (up to v2.88.1) that allows cross-protocol redirects (HTTP↔HTTPS) via an attacker-controlled server. IBM documents associate this CVE with multiple products (e.g., IBM Maximo AI Service, IBM watsonx Orche...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References4Affected Software1
osv
osv
added 2023/03/16 12:0 a.m.32 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References6
debiancve
debiancve
added 2023/03/16 12:0 a.m.34 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.4AI score0.00719EPSS
Exploits1
Rows per page
Query Builder