Open mend-for-github-com[bot] opened 1 month ago
Library home page: https://registry.npmjs.org/axios/-/axios-1.6.8.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Unreachable
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **axios-1.6.8.tgz** (Vulnerable Library)
Found in base branches: main, develop
The vulnerable code is unreachable
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Publish Date: 2024-08-09
URL: CVE-2024-39338
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-8hc4-vh64-cxmj
Release Date: 2024-08-09
Fix Resolution: 1.7.4
:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.
Vulnerable Library - axios-1.6.8.tgz
Library home page: https://registry.npmjs.org/axios/-/axios-1.6.8.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Vulnerabilities
Unreachable
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-39338
### Vulnerable Library - axios-1.6.8.tgzLibrary home page: https://registry.npmjs.org/axios/-/axios-1.6.8.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Dependency Hierarchy: - :x: **axios-1.6.8.tgz** (Vulnerable Library)
Found in base branches: main, develop
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability Detailsaxios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Publish Date: 2024-08-09
URL: CVE-2024-39338
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-8hc4-vh64-cxmj
Release Date: 2024-08-09
Fix Resolution: 1.7.4
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.