Количество 10
Количество 10
GHSA-jr5f-v2jv-69x6
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
CVE-2025-27152
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The ...
SUSE-SU-2025:1227-1
Security update for pgadmin4
BDU:2025-02726
Уязвимость библиотеки axios, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю осуществить SSRF-атаку
SUSE-SU-2025:1326-1
Security update for pgadmin4
SUSE-SU-2025:01326-1
Security update for pgadmin4
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-jr5f-v2jv-69x6 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | 0% Низкий | 8 месяцев назад | |
 | CVE-2025-27152 axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-27152 axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. | CVSS3: 5.3 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-27152 axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests | 0% Низкий | 2 месяца назад | |
| CVE-2025-27152 axios is a promise based HTTP client for the browser and node.js. The ... | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
 | SUSE-SU-2025:1227-1 Security update for pgadmin4 | 0% Низкий | 7 месяцев назад | |
 | BDU:2025-02726 Уязвимость библиотеки axios, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю осуществить SSRF-атаку | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| SUSE-SU-2025:1326-1 Security update for pgadmin4 | 7 месяцев назад | ||
| SUSE-SU-2025:01326-1 Security update for pgadmin4 | 3 месяца назад |
Уязвимостей на страницу