axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-12
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-08