Skip to content
This repository was archived by the owner on Apr 24, 2025. It is now read-only.
This repository was archived by the owner on Apr 24, 2025. It is now read-only.

CVE-2024-39338 Server-Side Request Forgery Vulnerability in Axios #1644

Open
Open
CVE-2024-39338 Server-Side Request Forgery Vulnerability in Axios#1644
@rmtuckerphx

Description

@rmtuckerphx
rmtuckerphx
opened on Oct 24, 2024

I'm submitting a...

  • Bug report
  • Feature request
  • Documentation issue or request
  • Other... Please describe:

Expected Behavior

Update to axios v1.7.4
https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html

Current Behavior

Axios is vulnerable to a Server-Side Request Forgery attack caused by unexpected behaviour where requests for path relative URLs get processed as protocol relative URLs.

In package.json for Jovo Framework, axios is set to:
"axios": "^0.21.1",

Should be set to:
"axios": "^1.7.4",

Error Log

None

Your Environment

  • Jovo Framework version used: 4.6.2
  • Operating System: Windows 11 Pro

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions