Authentication will soon be required to use Sonatype OSS Index
This change improves stability and gives you usage tracking and higher request limits.
Learn what’s changing
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.