Server-Side Request Forgery in Request

[vadimka123]

The request package through 2.88.2 for Node.js and the @cypress/request package through 2.88.11 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).

NOTE: The request package is no longer supported by the maintainer.

[LubosK]

bump

[ewoelfel]

duplicate of #27 pr fixing it can be found under #28

[MikeMcC399]

• I suggest to close this issue, since it is a duplicate of CVE-2023-28155 #27