Description

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Remediation

References

CVE-2020-28168

Related Vulnerabilities

WordPress Plugin WPBakery Page Builder Cross-Site Scripting (6.4.0)

WordPress Plugin Pods-Custom Content Types and Fields SQL Injection (2.5.1.1)

WordPress Plugin Social Share Icons & Social Share Buttons Unspecified Vulnerability (1.4)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)

WordPress Plugin Word Balloon Cross-Site Scripting (4.19.2)

Severity

Medium

Classification

CVE-2020-28168 CWE-918 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities