CVE-2023-28155
- Reference to the description:
- Description:
- The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Last updated date:
- 08/02/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/22/2023
- Reference url to background
https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/22/2023
- Reference url to background