Server-Side Request Forgery in axios #9
Comments
|
that is malware to steal your account; do not under any circumstances download or run it. The post needs to be removed. If you have attempted to run it please have your system cleaned and your account secured immediately. |
schalkwijk
added a commit
to schalkwijk/groupdocs-conversion-cloud-node
that referenced
this issue
Aug 28, 2024
This CVE is associated with `follow-redirects`, which is brought in by `axios`, so bumping `axios` to version 1.7.5 brings in the updated version of `follow-redirects` (1.15.6) without the vulnerability. This also resolves [another CVE here](groupdocs-conversion-cloud#9).
schalkwijk
added a commit
to schalkwijk/groupdocs-conversion-cloud-node
that referenced
this issue
Aug 28, 2024
This CVE is associated with `follow-redirects`, which is brought in by `axios`, so bumping `axios` to version 1.7.5 brings in the updated version of `follow-redirects` (1.15.6) without the vulnerability. This also resolves [another CVE here](groupdocs-conversion-cloud#9).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Package: axios (npm)
Affected versions: >= 1.3.2, <= 1.7.3
Patched version: 1.7.4
Please update the axios package in this repository.
The text was updated successfully, but these errors were encountered: