Lucene search
AnonymousNODEJS:1594HistoryJan 04, 2021 - 9:04 p.m.
Server-Side Request Forgery
2021-01-0421:04:59
Anonymous
www.npmjs.com
105
0.003 Low
EPSS
Percentile
68.3%
Overview
The axios NPM package before 0.21.1 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Recommendation
Upgrade to 0.21.1 or later.
References
Related
cvelist
cvelist
CVE-2020-28168
2020-11-06 19:22:38
nvd
nvd
CVE-2020-28168
2020-11-06 20:15:13
osv
osv
CVE-2020-28168
2020-11-06 20:15:13
Axios vulnerable to Server-Side Request Forgery
2021-01-04 20:59:40
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a Server-Side Request Forgery vulnerability (CVE-2020-28168)
2021-04-29 10:59:12
prion
prion
Server side request forgery (ssrf)
2020-11-06 20:15:00
github
github
Axios vulnerable to Server-Side Request Forgery
2021-01-04 20:59:40
redhatcve
redhatcve
CVE-2020-28168
2020-11-09 19:38:12
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-11-09 11:41:33
ubuntucve
ubuntucve
CVE-2020-28168
2020-11-06 00:00:00
debiancve
debiancve
CVE-2020-28168
2020-11-06 20:15:13
cve
cve
CVE-2020-28168
2020-11-06 20:15:13
huntr
huntr
Using vulnerable dependencies in package.json
2022-03-18 16:59:02
ics
ics
Siemens SINEC INS
2022-09-15 12:00:00