132 matches found
DEBIAN-CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
AZL-44241 CVE-2023-28155 affecting package js-jquery 3.5.0-4
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
AZL-25664 CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the...
CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-28155
CVE-2023-28155 is a Server-Side Request Forgery (SSRF) bypass in the Node.js Request package (up to v2.88.1) that allows cross-protocol redirects (HTTP↔HTTPS) via an attacker-controlled server. IBM documents associate this CVE with multiple products (e.g., IBM Maximo AI Service, IBM watsonx Orche...
CVE-2023-24108
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2023-24108
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2023-24107
hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2023-24107
hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
Code injection
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2023-24108
CVE-2023-24108 affects MvcTools (version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737); a backdoor in the request package (requirements.txt) enables code execution and access to sensitive user data. Public exploit details are not provided in the documents. Remediation guidance notes removing/updating...
CVE-2023-24108
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2023-24107
hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
PT-2023-19404
Name of the Vulnerable Software and Affected Versions MvcTools version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 Description The issue allows attackers to access sensitive user information and execute arbitrary code via a code execution backdoor in the request package, as specified in...
CVE-2023-24107
Technical details about CVE-2023-24107 are not publicly available in the supplied documents. No explicit affected product/version, root cause, or remediation is provided here; monitor the listed sources for updates.
CVE-2023-24107
hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...
CVE-2022-46997
Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...