PT-2024-28456 · Axios+1
Jeff Thomas · Published 2024-08-09 · Updated 2026-04-15
CVE-2024-39338
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
axios versions 1.3.2 through 1.7.3
Description
The issue allows Server-Side Request Forgery (SSRF) through unexpected behavior in which requests for path-relative URLs are processed as protocol-relative URLs. This could lead to internal system access or data exfiltration.
Recommendations
For axios versions 1.3.2 through 1.7.3, update to version 1.7.5 or later to resolve this high-severity vulnerability.
As a temporary workaround, consider restricting URL manipulation (for example, validating request paths before they reach the HTTP client) to minimize the risk of SSRF exploitation.
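As an added example (not code from this advisory or from the axios project), the following JavaScript guard implements the workaround above: it rejects request paths that would be read as protocol-relative URLs and checks that the resolved URL stays on the configured base origin. The names safeResolve, isProtocolRelative and UnsafeUrlError are hypothetical.

```javascript
// Added example, not part of the advisory or of axios. The advisory describes
// axios 1.3.2 through 1.7.3 treating a path-relative request such as "//host/x"
// as the protocol-relative URL "https://host/x", so the request leaves the
// configured baseURL origin. This guard runs before the HTTP client is called.
// Names (safeResolve, isProtocolRelative, UnsafeUrlError) are hypothetical.

class UnsafeUrlError extends Error {}

// True for inputs that begin with two slashes (forward or back, since URL
// parsers for http/https normalise "\\" to "/"): protocol-relative URLs.
function isProtocolRelative(path) {
  return /^[\\/]{2}/.test(path);
}

// Resolve `path` against `baseURL` with the WHATWG URL API and require the
// result to stay on the base origin. Returns the absolute URL string, or
// throws UnsafeUrlError if the path is protocol-relative or resolves elsewhere.
function safeResolve(baseURL, path) {
  if (typeof path !== 'string') {
    throw new UnsafeUrlError('path must be a string');
  }
  if (isProtocolRelative(path)) {
    throw new UnsafeUrlError(`protocol-relative path rejected: ${path}`);
  }
  const base = new URL(baseURL);
  const resolved = new URL(path, base);
  if (resolved.origin !== base.origin) {
    throw new UnsafeUrlError(`path resolves off-origin: ${resolved.href}`);
  }
  return resolved.href;
}

// Usage sketch (constructed): validate first, then hand the URL to the client.
//   const axios = require('axios');
//   axios.get(safeResolve('https://internal.example/api/', userSuppliedPath));
```

Logging the rejected path at the point where UnsafeUrlError is caught gives a detection signal for SSRF attempts against the service.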
Exploit · Fix · RCE · SSRF
Affected Products
Suse
Axios