Description
Server-Side Request Forgery in axios
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-39338
- https://github.com/axios/axios/issues/6463
- https://github.com/axios/axios/pull/6539
- https://github.com/axios/axios/pull/6543
- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
- https://github.com/axios/axios/releases
- https://github.com/axios/axios/releases/tag/v1.7.4
- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
Packages
Name: axios (npm)
Affected versions: >= 1.3.2, <= 1.7.3
Fixed version: 1.7.4
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 1 year ago
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS3: 7.5
redhat
more than 1 year ago
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS3: 7.5
nvd
more than 1 year ago
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS3: 7.5
debian
more than 1 year ago
axios 1.7.2 allows SSRF via unexpected behavior where requests for pat ...