The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. See https://github.com/IBM/tpf-conceptnet-datasource/security/dependabot/10 .
This package is required by the @ldf/core 3.2.1 submodule.
The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. See https://github.com/IBM/tpf-conceptnet-datasource/security/dependabot/10 .
This package is required by the
@ldf/core 3.2.1submodule.