CVE-2020-28168

Name of the Vulnerable Software and Affected Versions Axios NPM package version 0.21.0

Description The issue is related to insufficient validation of incoming requests in the Axios library, which can be exploited by a remote attacker to perform a Server-Side Request Forgery (SSRF) attack. This allows the attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Recommendations For Axios NPM package version 0.21.0, consider disabling the vulnerable functionality until a patch is available. Restrict access to the axios library to minimize the risk of exploitation. Avoid using the url parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.