HIGH
GHSA-8hc4-vh64-cxmj
Server-Side Request Forgery in axios
Details
axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
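A caller-side guard against this class of bug, as an added example (not code from axios or from this advisory): it resolves an untrusted path against a fixed base with the standard `URL` parser and rejects any result that leaves the base origin. `API_BASE`, `resolveOnBase`, `audit` and the sample inputs are hypothetical names and constructed values.

```javascript
// Added example: confine caller-supplied paths to one fixed origin before
// they reach any HTTP client. API_BASE is a constructed placeholder.
const API_BASE = 'https://api.example.test/v1/';

// Resolve `userPath` against `base` with the WHATWG URL parser and refuse
// the result if scheme, host or port differ from the base.
function resolveOnBase(userPath, base = API_BASE) {
  if (typeof userPath !== 'string') {
    throw new TypeError('path must be a string');
  }
  const baseUrl = new URL(base);
  let resolved;
  try {
    resolved = new URL(userPath, baseUrl);
  } catch (err) {
    throw new Error(`unparseable path: ${JSON.stringify(userPath)}`);
  }
  // Comparing origins after parsing catches every spelling the parser
  // normalises to a protocol-relative reference: "//host", "/\host"
  // (backslash equals slash for http/https) and "/<TAB>/host" (tabs and
  // newlines are stripped before parsing).
  if (resolved.origin !== baseUrl.origin) {
    throw new Error(`cross-origin target rejected: ${resolved.origin}`);
  }
  return resolved.href;
}

// Classify a batch of inputs without throwing, for logging or tests.
function audit(paths, base = API_BASE) {
  return paths.map((input) => {
    try {
      return { input, ok: true, target: resolveOnBase(input, base) };
    } catch (err) {
      return { input, ok: false, reason: err.message };
    }
  });
}

// Constructed sample inputs: two path-relative, four that change origin.
const SAMPLE_PATHS = [
  '/users/42',
  'users/42',
  '//other.example.test/x',
  '/\\other.example.test/x',
  '/\t/other.example.test/x',
  'http://api.example.test/v1/x',
];

for (const row of audit(SAMPLE_PATHS)) console.log(row);
```

The check runs on the parsed result rather than on the raw string, so it does not depend on enumerating prefixes such as `//` by hand.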
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-39338 [ADVISORY]
- https://github.com/axios/axios/issues/6463 [WEB]
- https://github.com/axios/axios/pull/6539 [WEB]
- https://github.com/axios/axios/pull/6543 [WEB]
- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a [WEB]
- https://github.com/axios/axios [PACKAGE]
- https://github.com/axios/axios/releases [WEB]
- https://github.com/axios/axios/releases/tag/v1.7.4 [WEB]
- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html [WEB]