CVE-2020-28168

Server-Side Request Forgery (SSRF) in npm/axios

Identifier

CVE-2020-28168

Package Slug

npm/axios

Vulnerability

Server-Side Request Forgery (SSRF)

Description

Axios NPM package contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Affected Versions

Version 0.21.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-11-17

source