Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Possible bug: Vulnerability SSRF
See original GitHub issueDescribe the bug
In my current project we are using Snyk to catch any possible issues and vulnerabilities. Snyk reports that since version 0.19.0 there is SSRF vulnerability that has no been fixed yet.
This is the message:
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Could you please verify? Thanks in advance.
To Reproduce
Any pen tests or just using Snyk to scan any app that uses axios.
Expected behavior
No vulnerabilities alerts.
Environment
- Axios Version [0.21.0]
- Adapter [HTTP]
- Browser [All]
- Browser Version [x]
- Node.js Version [12.14.1]
- OS: [x]
- Additional Library Versions [x]
Additional context/Screenshots
Add any other context about the problem here. If applicable, add screenshots to help explain.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:11 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@jasonsaayman, do you have an ETA for v0.21.1 or a patch with respect to this CVE?
Hi All,
I am waiting for an ETA on this release, I will update as soon as I know when it will be or is out. If I could release this I would as I know its an issue for many people and even for me personally on my projects where CI/CD fails cause of it.
Thanks