CVE-2024-39338

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 23, 2024
CWE ID 918

Summary

CVE-2024-39338 is a newly disclosed vulnerability affecting version 1.7.2 of axios, a popular JavaScript library for making HTTP requests. The flaw permits Server-Side Request Forgery (SSRF) because of an unexpected processing behaviour in axios: instead of treating a path-relative URL as a path on the intended host, axios interprets it as a protocol-relative URL, so an attacker who controls that value can redirect the vulnerable application's request to a server of their choosing and cause unauthorized actions to be executed. Possible consequences include data theft, server compromise, and unintended data exposure. Upgrading to a newer version of axios is strongly recommended to mitigate this risk.

