Description

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Remediation

References

CVE-2024-39338

Related Vulnerabilities

WordPress Plugin Contact Form 7 Security Bypass (4.1)

WebLogic CVE-2023-22108 Vulnerability (CVE-2023-22108)

WordPress Plugin Classified Listing Pro & Directory Cross-Site Scripting (2.0.19)

Undertow Missing Authorization Vulnerability (CVE-2019-10184)

WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)

Severity

High

Classification

CVE-2024-39338 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities