VYPR
Moderate severityNVD Advisory· Published Nov 6, 2020· Updated Aug 4, 2024

CVE-2020-28168

CVE-2020-28168

Description

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
axiosnpm
< 0.21.10.21.1

Affected products

2
  • Axios/Axios NPM packagedescription
  • ghsa-coords
    Range: < 0.21.1

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.