Ikkisoft

Name of the Vulnerable Software and Affected Versions: request-filtering-agent versions 1.x.x and earlier Description: request-filtering-agent is an http(s).Agent implementation designed to block requests to Private/Reserved IP addresses. HTTPS requests to `127.0.0.1` bypass IP address filtering, while HTTP requests are correctly blocked. This allows potential access to internal HTTPS services running on localhost, bypassing the library’s Server-Side Request Forgery (SSRF) protection. The issue is particularly dangerous when applications accept user-controlled URLs and internal services are protected only by network-level restrictions. Recommendations: Upgrade to request-filtering-agent version 2.0.0 or later.

Name of the Vulnerable Software and Affected Versions: vite-plugin-static-copy versions prior to 2.3.2 vite-plugin-static-copy versions prior to 3.1.2 Description: The vite-plugin-static-copy plugin for Vite allows access to files not included in the `src` directory through a crafted request. This can lead to the disclosure of arbitrary files on the filesystem. The vulnerability affects applications explicitly exposing the Vite dev server to the network. An attacker can exploit this issue by sending a specially crafted HTTP request to access files outside the intended directory. Recommendations: vite-plugin-static-copy versions prior to 2.3.2: Update to version 2.3.2 or later. vite-plugin-static-copy versions prior to 3.1.2: Update to version 3.1.2 or later.