vulnerability report (severity is: 6) #1263

Open
@its-dibo

Dependency Hierarchy

node-telegram-bot-api-0.66.0.tgz
  request-promise-5.0.0.tgz
    request-promise-core-1.1.3.tgz
      ❌ request-2.88.2.tgz (Vulnerable Library)

Vulnerability Details

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16
