-
Axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
-
I need to force users to be authenticated, so I added the following to my functions:
```
add_action( 'parse_request', 'force_user_login', 1 );
function force_user_login() {
is_user_logged_in…
```
-
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host …
-
#### On what page in the application did you find this issue?
http://192.168.0.103/churchcrm/v2/user/2/changePassword
#### On what type of server is this running? Dedicated / Shared hosting? L…
-
The npm package [axios](https://www.npmjs.com/package/axios), versions `1.3.2` to `1.7.3`, has been reported to have a high-severity vulnerability - [Server-Side Request Forgery](https://github.com/ad…
-
Our application is using:
- **ABP 8.0.0**
- **Angular**
- **EF Core**
Pen test results have requested we make all cookies `HttpOnly` / `Secure`.
To achieve this we create this cookie policy…
-
## Issue Description
The link for the keyword "nonces" under the "Cross-Site Request Forgery (CSRF)" section on the page leads to a 404 error page.
## URL of the Page with the Issue
https://devel…
-
### Support Questions
Hello guys
I updated my containers core (v2.4.198) and modules (v2.4.197) and kept the redis and mariadb. After changing the containers version in the compose file I ran "compose u…
-
Over the years, we've received many bug bounty reports relating to server-side request forgery (SSRF) attacks. In a nutshell, these attacks use short-lived DNS entries to direct Web hooks and other UR…