Request Project Request vulnerabilities
2 known vulnerabilities affecting request_project/request.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2017-16026P4MEDIUMCVSS 5.9≥ 2.2.6, < 2.47.0≤ 2.67.02018-06-04
CVE-2017-16026 [MEDIUM] CWE-201 CVE-2017-16026: Request is an http client. If a request is made using ```multipart```, and the body type is a ```num
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 2.51.0 <=2.67.0.
ghsanvdosv
CVE-2023-28155P4MEDIUMCVSS 6.1≤ 2.88.12023-03-16
CVE-2023-28155 [MEDIUM] CWE-918 CVE-2023-28155: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-c
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
ghsanvdosv