CVE-2024-39338
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-39338 is a newly disclosed vulnerability affecting version 1.7.2 of axios, a popular JavaScript library for making HTTP requests. The flaw permits Server-Side Request Forgery (SSRF) because of unexpected URL processing in axios: instead of handling path-relative URLs as paths, axios interprets them as protocol-relative URLs, potentially enabling attackers to redirect vulnerable applications to malicious servers and execute unauthorized actions. The consequences can be severe, including data theft, server compromise, or unintended data exposure. Upgrading to a newer version of axios is strongly recommended to mitigate this risk.
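A defensive check for the behavior described above, as an added example that is not axios code and not part of the original advisory: it resolves a caller-supplied path against a fixed base URL with the standard `URL` parser and refuses any result that leaves the base origin. The names `resolveOnBase`, `checkPath`, `SAMPLE_BASE` and the example hosts are assumptions made for illustration.

```javascript
// Added example: validate a request path before handing it to an HTTP client.
// SAMPLE_BASE and the hosts below are constructed values, not from the advisory.
const SAMPLE_BASE = 'https://api.internal.example/v1/';

// Resolve `path` against `base`; throw if the result leaves the base origin.
function resolveOnBase(base, path) {
  if (typeof path !== 'string') {
    throw new TypeError('path must be a string');
  }
  const baseUrl = new URL(base);

  // For http(s) the URL parser treats "\" like "/", so "\\host" and "/\host"
  // are protocol-relative references too. Normalize before the prefix test.
  const normalized = path.trim().replace(/\\/g, '/');
  if (normalized.startsWith('//')) {
    throw new Error('protocol-relative reference rejected');
  }

  // Authoritative check: whatever form the input took (absolute URL,
  // embedded tabs or newlines the parser strips), the origin must not change.
  const resolved = new URL(normalized, baseUrl);
  if (resolved.origin !== baseUrl.origin) {
    throw new Error('resolved origin differs from base origin');
  }
  return resolved.href;
}

// Non-throwing wrapper for use in request handlers and log pipelines.
function checkPath(base, path) {
  try {
    return { ok: true, url: resolveOnBase(base, path) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs: two ordinary paths and three that change host.
const SAMPLES = ['users/1', '/users/1', '//other.example/x',
                 '\\\\other.example/x', 'https://other.example/x'];

for (const p of SAMPLES) {
  console.log(JSON.stringify(p), '->', JSON.stringify(checkPath(SAMPLE_BASE, p)));
}
```

Applying the check to every path that originates from request data keeps the destination host fixed regardless of how the HTTP client joins the base URL and the path.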
Affected Products
- Axios
Affected Vendors
- Axios