@isomorphic-git/cors-proxy is vulnerable to server side request forgery. The attacks are possible because it does not validate the URL passed via the request from client before loading, allowing the attacker to send malicious request to get sensitive information at the server.