CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*

History

23 Aug 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.0
v2 : unknown
v3 : 7.5
First Time Axios
Axios axios
References () https://github.com/axios/axios/releases - () https://github.com/axios/axios/releases - Release Notes
References () https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html - () https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html - Exploit, Third Party Advisory
CPE cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*

15 Aug 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 4.0
Summary
  • (es) axios 1.7.2 permite SSRF a través de un comportamiento inesperado donde las solicitudes de URL relativas a la ruta se procesan como URL relativas al protocolo.

12 Aug 2024, 21:35

Type Values Removed Values Added
CWE CWE-918
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-23 18:35


NVD link : CVE-2024-39338

Mitre link : CVE-2024-39338

CVE.ORG link : CVE-2024-39338


JSON object : View

Products Affected

axios

  • axios
CWE
CWE-918

Server-Side Request Forgery (SSRF)