Description
The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.
Remediation
References
https://github.com/isomorphic-git/cors-proxy/commit/1b1c91e71d946544d97ccc7cf0ac62b859e03311
https://snyk.io/vuln/SNYK-JS-ISOMORPHICGITCORSPROXY-1734788
Related Vulnerabilities
CVE-2021-21179 Vulnerability in npm package electron
CVE-2023-27495 Vulnerability in npm package @fastify/csrf-protection
CVE-2023-3635 Vulnerability in maven package com.squareup.okio:okio-jvm
CVE-2019-2692 Vulnerability in maven package mysql:mysql-connector-java
CVE-2021-43807 Vulnerability in maven package org.opencastproject:opencast-common