Headline
CVE-2023-28155
** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
%PDF-1.3 %��������� 3 0 obj << /Filter /FlateDecode /Length 1549 >> stream x�WYoE~�_Q� ������`��Np R"V��!�r’A��_�1۳��]i{v��ί����tE_�4�����Do��裢����9v��7Ӿ�|%�2�}9�B���9ݿOώN����!=:>� t�g)h+L����"y���T�iR�������O���>� 㜒e’[��n�&��H<C�o��ʓgG�5�� ��QB9)y���� 09��;(ۑlݙ�HB;�"�`��.�X��W4{!� � (�Eyy�l7��&��d``0d�06�H.!�V���Xw��.���E�,�l��’;�/;��#�ۢ��l��鲛�(��]�I�B�}�:F�R8��’B)��Р�BLɔ�ug�;��x���j���z������$b��\�p�<( �%�(��`fJ!*(�Wɹz!�t��`�وI`.� �U� {�$~�7�eX��%���k��ƽ�)�X�=)4�����x��`�ɫ��K^���٘��a<[� Ei�����|J’�͂�Ђp���WosY?<�\^���?�"H��A�m� �*iy�^I�*���H�NNj�%y#�f��:�� j�Ŗ��ev|���T�,�qr�kP���裰�"�H�� x3>)�@�Q�Mp�>���l�P:�T�F��8K�sJ���[SjKJ�=d�7�#0P�|-�6b�y;g��0���30�Z@�>� 5�����N�,7�5ڏɵ0S�����mˁ���`O��9��{Ϫ�a+���nw9Å٥�2ר&�"Z����^�\�ߩ�n�o�%�}ce6lf��!�U��@n�@�����.��[�hg���-��]��ro ��RS��B�EW�����CWsS��51�:�JF�4�:=�:����1RS�C?`��p�6��P9�)�1�: PlR�0�����_������ Գ�[��7��u-�ȕA���Acm:%RhhRY�Ѵ��pR� ?0o����)4Z�����0Zǝ2hV��n���!�J<8p�[HI��I�׃�xk�L�w�nb�;�߁�6�V��=�>���j[�ؙd�5�+X}�im0R��)4�}���T�6-�i����b]f\]fj��n���)�m������gQEy� 4�]�"�(�h"�]V�O�pc��l�R’�&g�����l�pR8w��+�����?�N��Ռo�c}9�8z�_�U�F�1�R`h\�$�2c0�y�T�E!GпZa3�7GYG�8AQ�U�5�[[dU��_�l��`�����~����+����a� ۳����K}�~��Ktg���UH�-QsM��A�s4#v����tM����G�!���^�<8y�{�����’�t���ⲧ�z��d�dFgмѤ,�0�`D��V��-lŔO.�lC���d��yo�]�ב�
Related news
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.
The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.