The Request package up to and including 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
request project request |