This repository has been archived by the owner on Feb 18, 2022. It is now read-only.

Security Alert - Package: axios; Severity: HIGH #787

Open
phenggeler opened this issue Jan 25, 2022 · 1 comment

phenggeler commented Jan 25, 2022

    Affected package: axios
    Ecosystem: NPM
    Affected version range: < 0.21.1

    Summary: Server-Side Request Forgery in Axios
    Description: Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
    identifiers: [{'type': 'GHSA', 'value': 'GHSA-4w2v-q235-vp99'}, {'type': 'CVE', 'value': 'CVE-2020-28168'}]

    Fixed Version: 0.21.1
    Created Date = January 25, 2022

    

    ---
    
    Affected package: axios
    Ecosystem: NPM
    Affected version range: <= 0.21.1

    Summary: Incorrect Comparison in axios
    Description: axios is vulnerable to Inefficient Regular Expression Complexity
    identifiers: [{'type': 'GHSA', 'value': 'GHSA-cph5-m8f7-6c5x'}, {'type': 'CVE', 'value': 'CVE-2021-3749'}]

    Fixed Version: 0.21.2
    Created Date = January 25, 2022

    

    ---