dslink@2.2.3 vulnerabilities | dslink 2.2.3

Vulnerabilities	1 via 1 paths
Dependencies	40
Source	npm

Find a vulnerability free version of dslink | View dslink package health on Snyk Advisor

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

High
Medium
1
Low

Status

Open
1
Patched
0
Ignored
0

medium severity

Server-Side Request Forgery (SSRF)

Vulnerable module: axios
Introduced through: axios@0.19.2

Detailed paths

Introduced through: dslink@2.2.3 › axios@0.19.2

Remediation: Upgrade to axios@0.21.1.

Overview

axios is a promise based HTTP client for the browser and node.js.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Remediation

Upgrade axios to version 0.21.1 or higher.

References

GitHub Commit
GitHub Issue
GitHub Security Advisory
NPM Advisory

Server-Side Request Forgery (SSRF) vulnerability report

dslink@2.2.3

Vulnerabilities

Dependencies

Source