Severity: high

    Server-Side Request Forgery



    The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.


    Upgrade to 0.21.1 or later.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Jan 4th, 2021
    2. reported

      Reported by Anonymous
      Jan 4th, 2021