CVE-2020-28168

Published November 6th, 2020

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

axios/axios

Promise based HTTP client for the browser and node.js

GitHub

109K