Severity: high

Server-Side Request Forgery

axios

Overview

The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Remediation

Upgrade to 0.21.1 or later.
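
As defense in depth alongside the upgrade, an application can follow redirects itself and re-check every hop, so a redirect to a restricted host is refused before any request is sent to it. This is an added example, not code from axios or from this advisory; `isRestrictedHost`, `fetchWithCheckedRedirects`, the injected `send` function and the sample hosts are assumptions made for illustration.

```javascript
// Constructed deny rules: loopback, RFC 1918, link-local and unspecified addresses.
function isRestrictedHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  const v4 = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (host.includes(':')) { // IPv6 literal (URL.hostname keeps the brackets)
    return host === '::' || host === '::1' || host.startsWith('::ffff:') ||
      /^f[cd][0-9a-f]{2}:/.test(host) || /^fe[89ab][0-9a-f]:/.test(host);
  }
  return false; // a DNS name: resolve it and check the addresses too (not shown)
}

// `send(url)` is a hypothetical function that performs ONE request without
// following redirects and resolves to { status, location }.
async function fetchWithCheckedRedirects(startUrl, send, maxHops = 5) {
  let url = new URL(startUrl); // the URL parser normalizes forms like http://2130706433/
  for (let hop = 0; hop <= maxHops; hop++) {
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      throw new Error(`blocked scheme: ${url.protocol}`);
    }
    if (isRestrictedHost(url.hostname)) {
      throw new Error(`blocked host: ${url.hostname}`);
    }
    const res = await send(url.href);
    const redirected = [301, 302, 303, 307, 308].includes(res.status) && res.location;
    if (!redirected) return { url: url.href, status: res.status };
    url = new URL(res.location, url); // relative Location resolves against the current hop
  }
  throw new Error('too many redirects');
}

// Constructed responses standing in for the network.
const SAMPLE = {
  'https://public.example/start': { status: 302, location: 'http://10.0.0.5/internal' },
  'https://public.example/ok': { status: 301, location: '/final' },
  'https://public.example/final': { status: 200 },
};
const requested = [];
const sampleSend = async (href) => { requested.push(href); return SAMPLE[href]; };
```

The host check covers IP literals only; a hostname that resolves to an internal address needs the resolved addresses checked as well.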


Advisory timeline

  1. Advisory Published: Jan 4th, 2021
  2. Reported by Anonymous: Jan 4th, 2021