Server-Side Request Forgeryaxios
axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Upgrade to 0.21.1 or later.
publishedAdvisory PublishedJan 4th, 2021
reportedReported by AnonymousJan 4th, 2021