Veracode Vulnerability DatabaseVERACODE:39825Server-Side Request Forgery (SSRF)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
29.0%
request is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists due to the Redirect.prototype.redirectTo function in redirect.js, which allows a remote attacker to bypass SSRF protection because library does not properly apply configurations when requests are redirected from http to https, or vice versa.
References
doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
github.com/advisories/GHSA-p8p7-x288-28g6
github.com/doyensec/request/commit/d42332182512e56ba68446f49c3e3711e04301a2
github.com/request/request/issues/3442
github.com/request/request/pull/3444
security.netapp.com/advisory/ntap-20230413-0007/
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
29.0%