-
Axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
-
### Link to the code that reproduces this issue
https://codesandbox.io/p/sandbox/next-js-forked-slktwp
### To Reproduce
When I start my application, my header is visible in the browser. This is causi…
-
Here is a simple Node.js application that renders user input in a PDF with html-pdf: [glitch pen](https://splash-bamboo.glitch.me/)
It seems that you can inject js file in no time with a that i…
-
Kubeflow official setup has a default credential:
https://github.com/kubeflow/manifests?tab=readme-ov-file#port-forward
I can write a plugin to detect this with a successful login message, furthe…
-
It seems that there's an SSRF vulnerability in hackershare. See https://hackershare.dev/en/bookmarks/970288, the metadata of the server is exposed, which is not supposed to happen.
You can refer to ht…
-
When using the Embed library, validation of the input URLs to fetch from is left to the implementor. This means that a naive implementation of the library would be vulnerable to [SSRF ](https://www.…
-
![image](https://github.com/user-attachments/assets/cc0d928b-3c52-41e6-a27d-a7da60adbc6b)
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as prot…
-
Contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.…
-
jiojibn
-
### What happened?
I added several podcasts, and most of them worked just fine, except a couple, such as `D&D is for Nerds` or `Radiolab`.
### What did you expect to happen?
I would like to be able…