Closed olexii4 closed 1 day ago
Server-Side Request Forgery (SSRF) in Axios, identified as https://github.com/advisories/GHSA-8hc4-vh64-cxmj.
This vulnerability affects Axios to versions 1.7.3, where path-relative URLs are incorrectly processed as protocol-relative URLs, leading to potential SSRF attacks.
Upgrade libs:
Fixed with https://github.com/eclipse-che/che-dashboard/pull/1176 and https://github.com/eclipse-che/che-dashboard/pull/1178.
olexii4
commented
1 day ago
Is your enhancement related to a problem? Please describe
Server-Side Request Forgery (SSRF) in Axios, identified as https://github.com/advisories/GHSA-8hc4-vh64-cxmj.
This vulnerability affects Axios to versions 1.7.3, where path-relative URLs are incorrectly processed as protocol-relative URLs, leading to potential SSRF attacks.
Describe the solution you'd like
Upgrade libs: