Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

request project request vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-28155
The Request package up to and including 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by t...
Request Project Request
7.1
CVSSv2
CVE-2017-16026
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
Request Project Request
4.3
CVSSv2
CVE-2019-1010206
OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing.
Http Request Project Http Request 6.0
5
CVSSv2
CVE-2022-0654
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry before 7.0.0.
Node-request-retry Project Node-request-retry
5
CVSSv2
CVE-2015-1165
RT (aka Request Tracker) 3.8.8 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Debian Debian Linux 7.0Fedoraproject Fedora 21Fedoraproject Fedora 22Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.2Bestpractical Request Tracker 4.0.3Bestpractical Request Tracker 4.0.4Bestpractical Request Tracker 4.0.18Bestpractical Request Tracker 4.0.19Bestpractical Request Tracker 3.8.11Bestpractical Request Tracker 3.8.12Bestpractical Request Tracker 3.8.13Bestpractical Request Tracker 3.8.14Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.11Bestpractical Request Tracker 4.0.12Bestpractical Request Tracker 4.0.13Bestpractical Request Tracker 4.2.3Bestpractical Request Tracker 4.2.4Bestpractical Request Tracker 4.2.5Bestpractical Request Tracker 4.2.6
6.8
CVSSv2
CVE-2017-5943
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 allows remote malicious users to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.11Bestpractical Request Tracker 4.0.12Bestpractical Request Tracker 4.2.0Bestpractical Request Tracker 4.2.1Bestpractical Request Tracker 4.2.2Bestpractical Request Tracker 4.2.3Bestpractical Request Tracker 4.2.4Bestpractical Request Tracker 4.0.6Bestpractical Request Tracker 4.0.8Bestpractical Request Tracker 4.0.13Bestpractical Request Tracker 4.0.15Bestpractical Request Tracker 4.0.22Bestpractical Request Tracker 4.0.24Bestpractical Request Tracker 4.2.6Bestpractical Request Tracker 4.2.8Bestpractical Request Tracker 4.2.13Bestpractical Request Tracker 4.4.0Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.2
6.5
CVSSv2
CVE-2017-5944
The dashboard subscription interface in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Bestpractical Request Tracker 4.0.3Bestpractical Request Tracker 4.0.5Bestpractical Request Tracker 4.0.12Bestpractical Request Tracker 4.0.14Bestpractical Request Tracker 4.0.19Bestpractical Request Tracker 4.0.21Bestpractical Request Tracker 4.2.3Bestpractical Request Tracker 4.2.5Bestpractical Request Tracker 4.2.12Bestpractical Request Tracker 4.4.1Bestpractical Request Tracker 4.0.7Bestpractical Request Tracker 4.0.8Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.23Bestpractical Request Tracker 4.0.24Bestpractical Request Tracker 4.2.0Bestpractical Request Tracker 4.2.1Bestpractical Request Tracker 4.2.2Bestpractical Request Tracker 4.4.0Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1
4.3
CVSSv2
CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote malicious users to inject arbitrary web script or HTML via a file ...
Bestpractical Request Tracker 4.0.7Bestpractical Request Tracker 4.0.8Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.23Bestpractical Request Tracker 4.0.24Bestpractical Request Tracker 4.2.0Bestpractical Request Tracker 4.2.1Bestpractical Request Tracker 4.4.0Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.15Bestpractical Request Tracker 4.0.16Bestpractical Request Tracker 4.0.17Bestpractical Request Tracker 4.0.18Bestpractical Request Tracker 4.2.7Bestpractical Request Tracker 4.2.8Bestpractical Request Tracker 4.2.9Bestpractical Request Tracker 4.2.10Bestpractical Request Tracker 4.0.3Bestpractical Request Tracker 4.0.5Bestpractical Request Tracker 4.0.12
4.3
CVSSv2
CVE-2017-5361
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote malicious users to obtain sensitive user password information via a timing side-channel attack...
Bestpractical Request Tracker 4.0.5Bestpractical Request Tracker 4.0.7Bestpractical Request Tracker 4.0.14Bestpractical Request Tracker 4.0.16Bestpractical Request Tracker 4.0.21Bestpractical Request Tracker 4.0.23Bestpractical Request Tracker 4.2.5Bestpractical Request Tracker 4.2.7Bestpractical Request Tracker 4.4.1Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.11Bestpractical Request Tracker 4.0.12Bestpractical Request Tracker 4.2.0Bestpractical Request Tracker 4.2.1Bestpractical Request Tracker 4.2.2Bestpractical Request Tracker 4.2.3Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.2Bestpractical Request Tracker 4.0.3Bestpractical Request Tracker 4.0.17
7.1
CVSSv2
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to cause a denial of service (CPU and disk consumption) via a crafted email.
Debian Debian Linux 7.0Fedoraproject Fedora 22Fedoraproject Fedora 21Bestpractical Request Tracker 3.8.16Bestpractical Request Tracker 3.8.17Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.14Bestpractical Request Tracker 4.0.15Bestpractical Request Tracker 4.0.16Bestpractical Request Tracker 4.0.17Bestpractical Request Tracker 4.0.18Bestpractical Request Tracker 4.2.8Bestpractical Request Tracker 4.2.9Bestpractical Request Tracker 3.6.10Bestpractical Request Tracker 3.8.3Bestpractical Request Tracker 3.8.13Bestpractical Request Tracker 3.8.15Bestpractical Request Tracker 4.0.2Bestpractical Request Tracker 4.0.4Bestpractical Request Tracker 4.0.11Bestpractical Request Tracker 4.0.13
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook