cb
cvebase
.
~
/
products
/
cypress
/
request
Search CVEs, products, detections…
⌘K
pipeline live
Digest
Docs
Home
/
Products
/
cypress
/
Cypress Request
Cypress Request vulnerabilities
1 known vulnerability affecting
cypress/request
.
Track
Version
All versions
Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM
1
Vulnerabilities
Sort
Most important
Highest Priority
Highest EPSS
Highest CVSS
Newest
Oldest
Page 1 of 1
CVE-2023-28155
P4
MEDIUM
≥ 0, < 3.0.0
2023-03-16
CVE-2023-28155 [MEDIUM] CWE-918 Server-Side Request Forgery in Request Server-Side Request Forgery in Request The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: The `request` package is no longer supported by the maintainer.
ghsa
osv