CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 36.5%
axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
github.com/axios/axios
github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
github.com/axios/axios/issues/6463
github.com/axios/axios/pull/6539
github.com/axios/axios/pull/6543
github.com/axios/axios/releases
github.com/axios/axios/releases/tag/v1.7.4
jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
nvd.nist.gov/vuln/detail/CVE-2024-39338