request@2.9.0 vulnerabilities
Simplified HTTP request client.
- latest version: 2.88.2
- first published: 13 years ago
- latest version published: 4 years ago
- licenses detected: >=0.8.3 <2.11.0; >=2.16.0
Direct Vulnerabilities
Known vulnerabilities in the request package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
request is a simplified HTTP request client. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient checks in the NOTE: How to fix Server-side Request Forgery (SSRF)? A fix was pushed into the | * |
request is a simplified HTTP request client. Affected versions of this package are vulnerable to Remote Memory Exposure. A potential remote memory exposure vulnerability exists in Note that while the impact of this vulnerability is high (memory exposure), exploiting it is likely difficult, as the attacker needs to somehow control the body type of the request. One potential exploit scenario is when a request is composed based on JSON input, including the body type, allowing a malicious JSON to trigger the memory leak. How to fix Remote Memory Exposure? Upgrade | >2.2.5 <2.68.0 |