CVE-2023-28155
- Source
- https://cve.org/CVERecord?id=CVE-2023-28155
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28155.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-28155
- Aliases
- Downstream
- Related
- Published
- 2023-03-16T00:00:00Z
- Modified
- 2026-06-18T03:57:08.697069756Z
- Summary
- [none]
- Details
-
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Database specific
{ "cna_assigner": "mitre", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28155.json" }- References
-
- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28155.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-28155
- https://security.netapp.com/advisory/ntap-20230413-0007/
- https://github.com/request/request/issues/3442
- https://github.com/request/request/pull/3444
Affected packages
Git / github.com/request/request
Affected ranges
- Type
- GIT
- Repo
- https://github.com/request/request
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "source": [ "DESCRIPTION", "CPE_RANGE" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "2.88.1" }, { "introduced": "0" }, { "last_affected": "2.88.1" } ], "cpe": "cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*" }
Affected versions
v1.*
v1.2.0
v2.*
v2.17.0
v2.18.0
v2.18.1
v2.19.0
v2.19.1
v2.20.0
v2.20.1
v2.21.0
v2.21.1
v2.22.0
v2.22.1
v2.23.0
v2.23.1
v2.24.0
v2.24.1
v2.25.0
v2.25.1
v2.26.0
v2.26.1
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.29.0
v2.29.1
v2.30.0
v2.30.1
v2.31.0
v2.31.1
v2.32.0
v2.32.1
v2.33.0
v2.33.1
v2.34.0
v2.34.1
v2.35.0
v2.35.1
v2.36.0
v2.36.1
v2.37.0
v2.37.1
v2.38.0
v2.38.1
v2.39.0
v2.39.1
v2.40.0
v2.40.1
v2.41.0
v2.41.1
v2.42.0
v2.42.1
v2.43.0
v2.43.1
v2.44.0
v2.44.1
v2.45.0
v2.45.1
v2.46.0
v2.46.1
v2.47.0
v2.47.1
v2.48.0
v2.48.1
v2.52.0
v2.52.1
v2.53.0
v2.53.1
v2.54.0
v2.54.1
v2.55.0
v2.55.1
v2.56.0
v2.56.1
v2.57.0
v2.57.1
v2.58.0
v2.58.1
v2.59.0
v2.59.1
v2.60.0
v2.60.1
v2.66.0
v2.66.1
v2.67.0
v2.67.1
v2.68.0
v2.68.1
v2.70.0
v2.70.1
v2.71.0
v2.71.1
v2.72.0
v2.72.1
v2.73.0
v2.73.1
v2.74.0
v2.74.1
v2.75.0
v2.75.1
v2.76.0
v2.76.1
v2.77.0
v2.77.1
v2.78.0
v2.78.1
v2.79.0
v2.79.1
v2.80.0
v2.80.1
v2.82.0
v2.82.1
v2.83.0
v2.83.1
v2.84.0
v2.84.1
v2.85.0
v2.85.1
v2.86.0
v2.86.1
v2.87.0
v2.87.1
v2.88.0