UNKNOWN npm
Server-Side Request Forgery in axios
GHSA-8hc4-vh64-cxmj · CVE-2024-39338
Published · Modified
Description
axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
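The distinction in the description, shown with the WHATWG URL parser built into Node.js, together with an origin check a caller can apply before handing a user-influenced path to any HTTP client. This is an added example, not axios code and not the project's fix; `BASE`, the hostnames and the function names are hypothetical.

```javascript
// Added example (not from the advisory or from axios). Hostnames are constructed.
const BASE = 'https://api.example.test/v1/'; // hypothetical service base URL

// Label a reference for log messages only; the origin comparison in
// resolveSameOrigin() is the actual check.
function classifyReference(ref) {
  if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(ref)) return 'absolute';
  // For http(s) the URL parser treats "\" like "/", so "/\host" also
  // selects a new host, exactly as "//host" does.
  if (/^[\\/]{2}/.test(ref)) return 'protocol-relative';
  return 'path-relative';
}

// Resolve ref against base and refuse any result that leaves base's origin.
function resolveSameOrigin(ref, base = BASE) {
  const baseUrl = new URL(base);
  const target = new URL(ref, baseUrl);
  if (target.origin !== baseUrl.origin) {
    throw new Error(
      `refusing ${classifyReference(ref)} reference: resolves to ${target.origin}`
    );
  }
  return target.href;
}

// Non-throwing wrapper: returns the resolved URL, or null when refused.
function tryResolve(ref) {
  try {
    return resolveSameOrigin(ref);
  } catch (err) {
    return null;
  }
}

// Constructed inputs: the first two stay on the base host, the rest do not.
for (const ref of ['/users/1', 'users/1', '//other.example.test/users/1',
                   '/\\other.example.test/users/1', 'https://other.example.test/']) {
  console.log(JSON.stringify(ref), classifyReference(ref), '->', tryResolve(ref));
}
```

Comparing the resolved origin, rather than checking that the input string starts with a single `/`, also covers the backslash form that a prefix check would miss.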
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-39338
- WEB https://github.com/axios/axios/issues/6463
- WEB https://github.com/axios/axios/pull/6539
- WEB https://github.com/axios/axios/pull/6543
- WEB https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
- PACKAGE https://github.com/axios/axios
- WEB https://github.com/axios/axios/releases
- WEB https://github.com/axios/axios/releases/tag/v1.7.4
- WEB https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html