Lucene search
K

132 matches found

OSV
OSV
added 2023/03/16 3:15 p.m.2 views

DEBIAN-CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.3AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/03/16 3:15 p.m.7 views

AZL-44241 CVE-2023-28155 affecting package js-jquery 3.5.0-4

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.5AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/03/16 3:15 p.m.7 views

AZL-25664 CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References1
Prion
Prion
added 2023/03/16 3:15 p.m.27 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the...

5.8CVSS6.3AI score0.00719EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/16 3:15 p.m.33 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.19 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.4AI score0.00719EPSS
Exploits1References4
OSV
OSV
added 2023/03/16 12:0 a.m.31 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6.8AI score0.00719EPSS
Exploits1References6
CVE
CVE
added 2023/03/16 12:0 a.m.460 views

CVE-2023-28155

CVE-2023-28155 is a Server-Side Request Forgery (SSRF) bypass in the Node.js Request package (up to v2.88.1) that allows cross-protocol redirects (HTTP↔HTTPS) via an attacker-controlled server. IBM documents associate this CVE with multiple products (e.g., IBM Maximo AI Service, IBM watsonx Orche...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/02/22 4:15 a.m.3 views

CVE-2023-24108

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.8CVSS7.9AI score0.01351EPSS
Exploits1References3
NVD
NVD
added 2023/02/22 4:15 a.m.14 views

CVE-2023-24108

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.8CVSS9.8AI score0.01351EPSS
Exploits1References3
OSV
OSV
added 2023/02/22 4:15 a.m.3 views

CVE-2023-24107

hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.8CVSS7.9AI score0.01207EPSS
Exploits1References3
NVD
NVD
added 2023/02/22 4:15 a.m.18 views

CVE-2023-24107

hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.8CVSS9.8AI score0.01207EPSS
Exploits1References3
Prion
Prion
added 2023/02/22 4:15 a.m.11 views

Code injection

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

7.5CVSS9.7AI score0.01351EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/02/22 12:0 a.m.53 views

CVE-2023-24108

CVE-2023-24108 affects MvcTools (version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737); a backdoor in the request package (requirements.txt) enables code execution and access to sensitive user data. Public exploit details are not provided in the documents. Remediation guidance notes removing/updating...

9.8CVSS9.7AI score0.01351EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/02/22 12:0 a.m.17 views

CVE-2023-24108

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

10AI score0.01351EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/22 12:0 a.m.6 views

CVE-2023-24107

hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.9AI score0.01207EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.4 views

PT-2023-19404

Name of the Vulnerable Software and Affected Versions MvcTools version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 Description The issue allows attackers to access sensitive user information and execute arbitrary code via a code execution backdoor in the request package, as specified in...

9.8CVSS8AI score0.01351EPSS
Exploits1References8
CVE
CVE
added 2023/02/22 12:0 a.m.50 views

CVE-2023-24107

Technical details about CVE-2023-24107 are not publicly available in the supplied documents. No explicit affected product/version, root cause, or remediation is provided here; monitor the listed sources for updates.

9.8CVSS9.7AI score0.01207EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/02/22 12:0 a.m.19 views

CVE-2023-24107

hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

10AI score0.01207EPSS
Exploits1References3
OSV
OSV
added 2022/12/14 3:15 p.m.4 views

CVE-2022-46997

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8CVSS6.2AI score0.01144EPSS
Exploits1References3
Rows per page
Query Builder