Request · CVE-2023-28155
**Name of the Vulnerable Software and Affected Versions**
Request package versions through 2.88.1
@cypress/request package versions prior to 3.0.0
**Description**
The issue is related to insufficient validation of incoming requests, allowing a remote attacker to bypass SSRF mitigations via an attacker-controlled server that performs a cross-protocol redirect, such as from HTTP to HTTPS or vice versa. This affects products that are no longer supported by the maintainer.
**Recommendations**
For Request package versions through 2.88.1, consider updating to a version that is still supported by the maintainer, if available.
For @cypress/request package versions prior to 3.0.0, update to version 3.0.0 or later.
As a temporary workaround, consider restricting access to the vulnerable package until a patch is available.
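A defensive check for the cross-protocol redirect case in the description, as an added example that is not code from the Request project or from this advisory: every hop of a redirect chain is re-validated against the same destination policy, whether or not the scheme changed. The blocklist, the function names and the sample URLs are assumptions made for illustration, and DNS names are not resolved here.

```javascript
// Added example. Policy, names and sample URLs are constructed assumptions.
const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

const v4ToInt = (ip) => ip.split('.').reduce((acc, o) => acc * 256 + Number(o), 0);

function isBlockedHost(hostname) {
  const host = hostname.replace(/\.$/, '').toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  // Conservative choice for this sketch: refuse every IPv6 literal.
  if (host.startsWith('[')) return true;
  // DNS names pass here; a real filter must also check the resolved address.
  if (!/^\d+\.\d+\.\d+\.\d+$/.test(host)) return false;
  const n = v4ToInt(host);
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(net) / size);
  });
}

// The WHATWG URL parser has already normalised hex/decimal IPv4 forms.
function checkUrl(url) {
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'scheme not allowed';
  return isBlockedHost(url.hostname) ? 'destination blocked' : null;
}

// Re-apply the policy to every hop of a redirect chain. The scheme of the
// previous hop never exempts the next one, so HTTP -> HTTPS is checked too.
function auditRedirectChain(startUrl, locations, maxHops = 5) {
  let current = new URL(startUrl);
  let reason = checkUrl(current);
  const hops = [{ url: current.href, crossProtocol: false, reason }];
  for (const location of locations) {
    if (reason) break;
    if (hops.length > maxHops) { reason = 'too many redirects'; break; }
    const next = new URL(location, current); // Location may be relative
    reason = checkUrl(next);
    hops.push({ url: next.href, crossProtocol: next.protocol !== current.protocol, reason });
    current = next;
  }
  return { allowed: reason === null, reason, hops };
}

// Constructed chain: a public HTTP URL whose server answers with an HTTPS redirect.
const sample = auditRedirectChain('http://files.example.test/report', ['https://10.0.0.5/internal']);
console.log(sample.allowed, sample.reason, sample.hops);
```

In a client that follows redirects itself, the same `checkUrl` call belongs immediately before each follow-up request is sent.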