Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2024-39338
Good to know:
Date: August 8, 2024
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Language: JS
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
CWE-918Top Fix
Upgrade Version
Upgrade to version axios - 1.7.4;katanox/katanox-php - no_fix;katanox/katanox-php - dev-feat/PS4-525/updates-in-availability-flow;katanox/katanox-php - dev-source-of-booking;katanox/katanox-php - dev-temp;insyht/larvelous-shop - no_fix;haspadar/palto - dev-regions;antoniosiles/nova-4-card-map-plus - no_fix;rogelio1502/ef-package - 0.0.47;rogelio1502/ef-package - 0.0.22;erenilhan/ss2i-openstreetmap-custom - no_fix;hexgad/media - no_fix;insyht/larvelous - no_fix;insyht/larvelous - 0.1;quickstart/laravel-boilerplate - no_fix;phila088/aphii - no_fix;foxcreator/onlineshop - no_fix;lensphp/lens - no_fix;piksera/core - no_fix;laraxot/module_job_fila3 - dev-dependabot/npm_and_yarn/postcss-8.4.43;laraxot/module_job_fila3 - dev-dependabot/npm_and_yarn/postcss-nesting-13.0.0;besnik/laravel-filtering - no_fix;org.webjars.npm:github-com-axios-axios:no_fix;org.webjars.npm:axios:1.7.4
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |