| Release | Version |
|---|---|
| jessie | 2.26.1-1 |
| stretch | 2.26.1-1 |
| buster | 2.88.1-2 |
| bullseye | 2.88.1-5 |
| bookworm | 2.88.1-6 |
| sid | 2.88.1-6 |
| Bug | jessie | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28155 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | The Request package through 2.88.1 for Node.js allows a bypass of SSRF ... |
| CVE-2017-16026 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Request is an http client. If a request is made using ```multipart```, ... |