PowerSchool-API

CVE-2023-28155 (Server-Side Request Forgery in Request)

Open jpdagostin0 opened this issue 2 years ago • 1 comments

The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

See: GitHub Advisory

jpdagostin0, Apr 21 '23 21:04

Fixed in #21

jpdagostin0, Jun 04 '24 17:06
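
The issue above describes redirects that switch scheme slipping past SSRF mitigations. As an added example (not code from this repository or from Request; `isAllowedTarget`, `resolveChain` and the sample responses are hypothetical and constructed), one defensive pattern is to turn off automatic redirect following and apply the same destination check to every hop, whatever its scheme:

```javascript
// Added example: re-validate every redirect hop. All names here are hypothetical.
const PRIVATE_V4 = [/^0\./, /^10\./, /^127\./, /^169\.254\./, /^192\.168\./,
  /^172\.(1[6-9]|2\d|3[01])\./];

// Destination policy, applied identically to http: and https: targets.
// The WHATWG URL parser has already normalised IPv4 forms to dotted decimal.
function isAllowedTarget(url) {
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const host = url.hostname;
  if (host === 'localhost' || host.startsWith('[')) return false; // IPv6 literals refused in this sketch
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return !PRIVATE_V4.some((re) => re.test(host));
  return true; // a production filter must also check the address the name resolves to
}

// Follow redirects manually; fetchHop(href) must NOT follow redirects itself
// and returns { status, location }.
function resolveChain(startUrl, fetchHop, maxHops = 5) {
  let current = new URL(startUrl);
  for (let hop = 0; hop <= maxHops; hop++) {
    if (!isAllowedTarget(current)) return { ok: false, blockedAt: current.href, hops: hop };
    const res = fetchHop(current.href);
    const isRedirect = res.status >= 300 && res.status < 400 && res.location;
    if (!isRedirect) return { ok: true, finalUrl: current.href, hops: hop };
    current = new URL(res.location, current); // Location may be relative
  }
  return { ok: false, blockedAt: current.href, hops: maxHops + 1 };
}

// Constructed responses standing in for the network (no real hosts involved).
const CONSTRUCTED = {
  'http://redirector.example/start': { status: 302, location: 'https://127.0.0.1:8443/' },
  'https://cdn.example/a': { status: 301, location: 'http://cdn.example/b' },
  'http://cdn.example/b': { status: 200 },
};
const fakeFetch = (href) => CONSTRUCTED[href] || { status: 404 };

console.log(resolveChain('http://redirector.example/start', fakeFetch));
console.log(resolveChain('https://cdn.example/a', fakeFetch));
```

The first chain is refused at the HTTPS hop to a loopback address; the second, a benign HTTPS to HTTP redirect between public names, is allowed through.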