request — CVE history (npm)
request
2 CVEs affect the request npm package (highest CVSS 6.1). Latest disclosed: 2023-03-16. Full CVE history sourced from NVD.
Summary
- Package
request(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
6.1- Latest disclosed
- 2023-03-16
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28155 | Medium | 6.1 | — | 2023-03-16 | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). |
CVE-2017-16026 | Medium | 5.9 | — | 2018-06-04 | Request is an http client. |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28155 | Medium | 6.1 | — | 2023-03-16 | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). |
CVE-2017-16026 | Medium | 5.9 | — | 2018-06-04 | Request is an http client. |