CVE-2023-28155

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Related news

CVE-2023-28955: Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user to send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.

GHSA-p8p7-x288-28g6: Server-Side Request Forgery in Request

The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
