Severity: high

    Server-Side Request Forgery

    axios

    Overview

    The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

    Remediation

    Upgrade to 0.21.1 or later.

    Advisory timeline

    1. published

      Advisory Published
      Jan 4th, 2021
    2. reported

      Reported by Anonymous
      Jan 4th, 2021