CVE-2023-28155
ADVISORY - github
Summary
The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
NOTE: The request package is no longer supported by the maintainer.
EPSS Score: 0.0054 (0.669)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Server-Side Request Forgery (SSRF)
ADVISORY - github
Server-Side Request Forgery (SSRF)
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2023-28155
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.1 medium
GitHub
CREATED
UPDATED
ADVISORY ID
GHSA-p8p7-x288-28g6
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.1 medium
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2023-28155
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2023-28155
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
6.1 medium
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-g62m-32wx-pc72
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-qqwm-8ppm-96fx
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-rw88-hxpr-jw8v
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
intheWild
CREATED
UPDATED
ADVISORY ID
CVE-2023-28155
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-