CVE-2020-28168

Published: Nov 6, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/axios/axios/issues/3369

x_refsource_MISC

[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052

mailing-list

x_refsource_MLIST

[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052

mailing-list

x_refsource_MLIST

[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)

mailing-list

x_refsource_MLIST

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28168

Description

Affected Products

References