mhoc / axios-digest-auth

Axios-like HTTP Digest Auth
https://axios-digest-auth.mhoc.co
The Unlicense
12 stars 20 forks

CSRF Security Vulnerability #12

Open maverickCool10 opened 4 months ago

maverickCool10 commented 4 months ago

Hi,

I noticed a security vulnerability in axios package 0.22.0 related to SSRF. It seems to be originating from [@mhoc/axios-digest-auth 0.8.0](https://www.npmjs.com/package/@mhoc/axios-digest-auth/v/0.8.0). Please refer to the screenshot below for more information. Introduced through: package.json@* › @mhoc/axios-digest-auth@0.8.0 › axios@0.22.0

I have checked axios package and they have new versions.

  1. Will axios-digest-auth consider upgrading the version of axios from 0.22.0 to some stable version where we don't get the CSRF vulnerability?
  2. If yes, could you please let us know the deadline by which this can be accomplished?

[Attached image: Screenshot 2024-02-23 at 7 26 03 AM]

maverickCool10 commented 4 months ago

Can someone please take a look into this issue?