CVE-2020-28168
npm/axios
Server-Side Request Forgery (SSRF)
Axios NPM package contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
All versions starting from 0.19.0 up to 0.21.0
Upgrade to version 0.21.1 or above.
2020-11-17
source |