I noticed a security vulnerability in axios package 0.22.0 related to SSRF. It seems to be originating from [@mhoc/axios-digest-auth 0.8.0] (https://www.npmjs.com/package/@mhoc/axios-digest-auth/v/0.8.0). Please refer to the screenshot below for more information.
Introduced through: package.json@* › @mhoc/axios-digest-auth@0.8.0 › axios@0.22.0
I have checked axios package and they have new versions.
Will axios-digest-auth consider upgrading the version of axios from 0.22.0 to some stable version where we don't get the CSRF vulnerability?
If yes, could you please let us know the deadline by which this can be accomplished?
Hi,
I noticed a security vulnerability in axios package 0.22.0 related to SSRF. It seems to be originating from [@mhoc/axios-digest-auth 0.8.0] (https://www.npmjs.com/package/@mhoc/axios-digest-auth/v/0.8.0). Please refer to the screenshot below for more information. Introduced through: package.json@* › @mhoc/axios-digest-auth@0.8.0 › axios@0.22.0
I have checked axios package and they have new versions.