CVE-2020-28168
published 2020-11-06
medium 5.9 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axios | axios | >= 0 < 0.21.1 | 0.21.1 |
| axios | axios | 0.19.0 – 0.21.0 | — |
| debian | node-axios | < node-axios 0.21.1+dfsg-1 (bookworm) | node-axios 0.21.1+dfsg-1 (bookworm) |
| siemens | sinec_ins | < 1.0 | 1.0 |
| siemens | sinec_ins | — | — |
CVSS provenance
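| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 5.9 | MEDIUM | — |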