Overview
The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Remediation
Upgrade to 0.21.1 or later.
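A direct dependency bump does not update copies of axios pulled in transitively, so the lockfile is the place to confirm the upgrade. The following is an added example, not code from the advisory or the axios project: it scans a parsed package-lock.json for any axios entry before 0.21.1. The sample lockfile and the names `demo-app` and `some-sdk` are constructed for illustration.

```javascript
// Added example: flag axios copies older than the fixed release in a lockfile.
const FIXED = [0, 21, 1]; // fixed version stated in the advisory

// Return true if a version string is before 0.21.1.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version || "");
  if (!m) return false; // git/file/unparseable specs need manual review
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease of 0.21.1 sorts before 0.21.1
}

// Handle both layouts: flat "packages" map (lockfileVersion 2/3)
// and nested "dependencies" tree (lockfileVersion 1).
function findVulnerableAxios(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/axios$/.test(path) && isVulnerable(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios" && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both sections; walk the tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: top-level axios is fixed, a nested copy is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "0.21.1" },
    "node_modules/some-sdk": { version: "2.3.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "0.19.2" },
  },
};
console.log(findVulnerableAxios(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`.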
Advisory timeline
Advisory Published: Jan 4th, 2021
Reported by Anonymous: Jan 4th, 2021