Bug#1033250: [Pkg-javascript-devel] Bug#1033250: Bug#1033250: node-request: CVE-2023-28155

Control: block -1 by 956423 On Tue, Mar 21 2023 at 12:05:15 PM +05:30:00 +05:30:00, Pirate Praveen wrote: $ reverse-depends node-request Reverse-Depends === * node-jsonld * node-matrix-js-sdk * yarnpkg For yarnpkg, we are trying to remove the dependency to node-request, see http

Bug#1033250: [Pkg-javascript-devel] Bug#1033250: node-request: CVE-2023-28155

On Mon, Mar 20 2023 at 07:34:33 PM +01:00:00 +01:00:00, Moritz Mühlenhoff wrote: Source: node-request X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for node-request. CVE-2023-28155[0]: | ** UNSUPPORTED WHEN ASSIGNED **

Bug#1033250: node-request: CVE-2023-28155

Source: node-request X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for node-request. CVE-2023-28155[0]: | ** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for | Node.js allows a bypass of SSRF mitigations vi