Negligent Parachute Maintainers
Severity: high

Server-Side Request Forgery



The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.


Upgrade to 0.21.1 or later.


Advisory timeline

  1. published

    Advisory Published
    Jan 4th, 2021
  2. reported

    Reported by Anonymous
    Jan 4th, 2021