Source: node-axios
Version: 0.21.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/3369
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-axios.

CVE-2020-28168[0]:
| Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF)
| vulnerability where an attacker is able to bypass a proxy by providing
| a URL that responds with a redirect to a restricted host or IP
| address.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28168
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168
[1] https://github.com/axios/axios/issues/3369

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
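
The bypass quoted in the CVE text above arises when a control is applied to the first request but not to the redirect target. The following JavaScript is an added example, not part of the bug report or of axios and not the upstream fix: it re-checks every redirect hop against a deny policy before following it. The function names, the policy ranges and the sample URLs are assumptions made for illustration.

```javascript
// Added example. Constructed policy: IPv4 ranges a fetcher must not reach on any hop.
const RESTRICTED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];

const v4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

// `hostname` is expected in the normalized form produced by the WHATWG URL parser.
function isRestrictedHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (h.startsWith('[')) {                          // IPv6 literal such as [::1]
    const v6 = h.slice(1, -1);
    return v6 === '::1' || v6 === '::' || v6.startsWith('::ffff:') ||
           /^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6);
  }
  // A DNS name is not decided here: its resolved address must be checked at connect time.
  if (!/^\d+\.\d+\.\d+\.\d+$/.test(h)) return false;
  const n = v4ToInt(h);
  return RESTRICTED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Validate one URL (the initial request or a redirect target) against the policy.
function checkHop(url) {
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'scheme not allowed';
  if (isRestrictedHost(url.hostname)) return 'restricted host';
  return null;
}

// Walk a redirect chain, re-checking each Location value before it is followed.
// `locations` stands in for the Location headers the servers would return.
function followChecked(startUrl, locations, maxRedirects = 5) {
  let current = new URL(startUrl);
  let reason = checkHop(current);
  if (reason) return { allowed: false, hop: 0, url: current.href, reason };
  for (let i = 0; i < locations.length; i++) {
    if (i >= maxRedirects) return { allowed: false, hop: i + 1, url: current.href, reason: 'too many redirects' };
    current = new URL(locations[i], current);       // resolves relative Location values
    reason = checkHop(current);
    if (reason) return { allowed: false, hop: i + 1, url: current.href, reason };
  }
  return { allowed: true, hop: locations.length, url: current.href, reason: null };
}
```

Parsing each Location value with `URL` before the check means integer and hex spellings of an IPv4 address are normalized to dotted form and caught by the same ranges.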