CVE-2023-28155

CVE-2023-28155 is a Server-Side Request Forgery (SSRF) bypass in the Node.js Request package (up to v2.88.1) that allows cross-protocol redirects (HTTP↔HTTPS) via an attacker-controlled server. IBM documents associate this CVE with multiple products (e.g., IBM Maximo AI Service, IBM watsonx Orche...

CVE-2017-16026

The CVE-2017-16026 issue affects the Node.js request module: when making a multipart request and the body is a number, the specified amount of non-zero memory may be disclosed to the recipient. Affected versions are 2.2.6 through 2.47.0 and 2.51.0 through 2.67.0. Root cause is a memory exposure i...