Severity: high

Server-Side Request Forgery



The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.


Upgrade to 0.21.1 or later.
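As defence in depth alongside the upgrade, an application can follow redirects itself and re-check every hop against its destination policy. The sketch below is an added example, not part of the advisory and not axios code; `fetchChecked`, `isAllowed`, `requestOnce` and the sample host list are hypothetical names, and `requestOnce` is assumed to be any transport configured not to follow redirects on its own.

```javascript
// Added example: per-hop redirect validation. All names here are hypothetical.
const RESTRICTED_HOSTS = new Set(['localhost', 'metadata.internal']); // constructed sample policy

// True when an IPv4 literal falls in a loopback, private or link-local range.
function isRestrictedIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 127 || a === 10 || a === 0 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Policy check on a parsed URL. The WHATWG URL parser has already normalised
// integer and hex IPv4 forms (e.g. 2130706433) to dotted-quad at this point.
function isAllowed(url) {
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const host = url.hostname.toLowerCase();
  if (RESTRICTED_HOSTS.has(host)) return false;
  if (host.startsWith('[')) return false; // IPv6 literals rejected in this sketch
  return !isRestrictedIPv4(host);
}

// requestOnce(urlString) -> Promise<{status, headers, body}>; it must not follow redirects.
async function fetchChecked(startUrl, requestOnce, maxHops = 5) {
  let current = new URL(startUrl);
  for (let hop = 0; hop <= maxHops; hop++) {
    // Validate before every request, including each redirect target.
    if (!isAllowed(current)) throw new Error(`blocked destination: ${current.href}`);
    const res = await requestOnce(current.href);
    const location = res.headers && res.headers.location;
    if (res.status < 300 || res.status >= 400 || !location) return res;
    current = new URL(location, current); // resolve a relative Location header
  }
  throw new Error('too many redirects');
}
```

This check only covers the URL as written; a hostname that resolves to an internal address still needs a check on the resolved IP at connection time.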


Advisory timeline

  1. published

    Advisory Published
    Jan 4th, 2021
  2. reported

    Reported by Anonymous
    Jan 4th, 2021