Server-Side Request Forgery in axios

groupdocs-conversion-cloud / groupdocs-conversion-cloud-node

Node.js SDK to communicate with the GroupDocs.Conversion REST API. Convert between 50+ document & image formats with zero initial cost.

https://products.groupdocs.cloud/conversion/nodejs

MIT License

1 stars 1 forks source link

Server-Side Request Forgery in axios #9

Open maiznadeem opened 2 months ago

maiznadeem commented 2 months ago

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Package: axios (npm) Affected versions: >= 1.3.2, <= 1.7.3 Patched version: 1.7.4

Please update the axios package in this repository.

caineblood commented 2 months ago

that is malware to steal your account; do not under any circumstances download or run it. The post needs to be removed. If you have attempted to run it please have your system cleaned and your account secured immediately.