Description
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-axios | fixed | 1.7.4+dfsg-1 | package | |
| node-axios | not-affected | bookworm | package | |
| node-axios | not-affected | bullseye | package | |
Notes
https://github.com/axios/axios/issues/6463
https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
Introduced in: https://github.com/axios/axios/commit/128d56f4a0fb8f5f2ed6e0dd80bc9225fee9538c (v1.3.2)
Fixed by: https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a (v1.7.4)
EPSS
Related vulnerabilities