xmlhttprequest-ssl

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting xmlhttprequest-sslpage 1 of 1

CVE-2020-28502HIGHCVSS 8.1EG 8.1✓ Fixed in 1.6.2
2021-03-05
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code…
CVE-2021-31597CRITICALCVSS 9.4EG 9.4✓ Fixed in 1.6.1
2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of N…

Check whether xmlhttprequest-ssl is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for xmlhttprequest-ssl CVEs against the assets you own.

Start Free Scan →