Description
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
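One way to guard against the behaviour described above is to validate caller-supplied request URLs before they reach the HTTP client. The following is an added example, not code from axios or from this advisory; `resolveWithinBase` is a hypothetical helper name and the hosts are constructed placeholders.

```javascript
// Added example: keep a request inside the configured baseURL.
// resolveWithinBase is a hypothetical helper, not part of the axios API.
function resolveWithinBase(baseURL, requestUrl) {
  if (typeof requestUrl !== 'string') {
    throw new TypeError('requestUrl must be a string');
  }
  const base = new URL(baseURL);

  // The WHATWG URL parser drops tabs and newlines anywhere in the input,
  // so remove them before inspecting the string.
  const cleaned = requestUrl.replace(/[\t\n\r]/g, '').trim();

  // Reject anything carrying a scheme ("http://host", "HTTPS:host") or a
  // protocol-relative prefix ("//host", "\\host", "/\host").
  if (/^[a-zA-Z][a-zA-Z\d+.-]*:/.test(cleaned) || /^[\\/]{2}/.test(cleaned)) {
    throw new Error('absolute or protocol-relative URL rejected');
  }

  // Join the way a base-relative client would: the base path acts as a
  // directory and leading slashes on the relative part are ignored.
  const basePath = base.pathname.endsWith('/') ? base.pathname : base.pathname + '/';
  const resolved = new URL(cleaned.replace(/^\/+/, ''), base.origin + basePath);

  // Defence in depth: the parsed result must stay on the base origin
  // and under the base path (this also blocks "../" traversal).
  if (resolved.origin !== base.origin || !resolved.pathname.startsWith(basePath)) {
    throw new Error('resolved URL escapes baseURL');
  }
  return resolved.href;
}

// Constructed sample inputs for illustration.
const BASE = 'https://api.example.test/v1';
function isRejected(url) {
  try {
    resolveWithinBase(BASE, url);
    return false;
  } catch (err) {
    return true;
  }
}
```

Pass the returned string to the client as the full request URL, so the value that was validated is the value that is fetched.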
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Cryostat 3 | io.cryostat-cryostat3 | Fix deferred | | |
Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Fix deferred | | |
Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Fix deferred | | |
Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Fix deferred | | |
Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fix deferred | | |
Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Fix deferred | | |
Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred | | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Fix deferred | | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Fix deferred | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
5.3 Medium
CVSS3