Vulnerabilities (CVE)

Filtered by vendor Isomorphic-git Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30483 1 Isomorphic-git 1 Isomorphic-git 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
CVE-2021-23664 1 Isomorphic-git 1 Cors-proxy 2024-11-21 5.0 MEDIUM 8.6 HIGH
The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.