CVE-2020-28168

Server-Side Request Forgery (SSRF) in npm/axios

Identifiers

CVE-2020-28168

Package Slug

npm/axios

Vulnerability

Server-Side Request Forgery (SSRF)

Description

The axios npm package contains a Server-Side Request Forgery (SSRF) vulnerability: an attacker can bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Affected Versions

All versions starting from 0.19.0 up to 0.21.0

Solution

Upgrade to version 0.21.1 or above.
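
To find installs that still fall in the affected range, the following added example (not part of the advisory or of axios) walks a parsed package-lock.json and reports every axios copy, including nested transitive ones. The function names and the sample lockfile are constructed for illustration, and the range is assumed to mean 0.19.0 or later and below the fixed 0.21.1.

```javascript
// Assumption: the affected range is read as >= 0.19.0 and < 0.21.1 (the fix).
const FIRST_AFFECTED = [0, 19, 0];
const FIRST_FIXED = [0, 21, 1];

// "0.19.0-beta.1" -> [0, 19, 0]; pre-release tags are dropped, which errs
// on the side of flagging.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, FIRST_AFFECTED) >= 0 && compare(v, FIRST_FIXED) < 0;
}

// Walk a parsed package-lock.json: lockfileVersion 2/3 lists installs under
// "packages" (keyed by path), lockfileVersion 1 nests them in "dependencies".
function findAffectedAxios(lock) {
  const hits = new Map(); // path -> version, so v2 files are not double-counted
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/axios$/.test(path) && isAffected(entry.version)) hits.set(path, entry.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios" && isAffected(entry.version)) hits.set(path, entry.version);
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "0.21.1" },
    "node_modules/legacy-client/node_modules/axios": { version: "0.19.2" },
  },
  dependencies: {
    axios: { version: "0.21.1" },
    "legacy-client": { version: "2.0.0", dependencies: { axios: { version: "0.19.2" } } },
  },
};
console.log(findAffectedAxios(sampleLock));
```

A top-level axios at 0.21.1 does not clear a project if a dependency pins its own older copy, which is why the nested paths are checked as well.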

Last Modified

2020-11-17
