5 matches found
Server side request forgery in @isomorphic-git/cors-proxy
The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery SSRF due to missing sanitization and validation of the redirection action in middleware.js...