🔐 Weekly #SecurityAlert: [HIGH] CVE-2024-39338 — #Axios SSRF via Path‑to‑Protocol Relative URL Handling

• What vulnerability was discovered? A #vulnerability in Axios (v1.3.2 through 1.7.3): a request URL that begins with two slashes (//host/path) is treated as a protocol-relative URL rather than as a path. Axios then skips baseURL entirely and, on Node, resolves the value against its fixed http://localhost base, so the request goes to http://host/path instead of to the host you configured.

• Is it exploitable? Yes. No auth, no user interaction and no special setup: any attacker-influenced input that reaches the url argument is enough. The server can then be made to send requests to internal or external hosts of the attacker's choosing (SSRF), from the server's network position and with whatever default headers the client attaches.

• Should I ignore it? Definitely not. Upgrade to Axios 1.7.4 or later, which rejects protocol-relative URLs on the server. Can't upgrade right away? Validate every user-influenced path before it reaches Axios: require a single leading slash, reject values starting with // or /\ (the WHATWG URL parser treats a backslash like a slash for http and https), and reject anything that carries a scheme.

📌 Learn more including:
• How this bug bypasses baseURL
• Real-world scenarios for silent SSRF
• Temporary mitigations you can apply today

🦎 Adapt to every threat, and stay safe!
#cybersecurity #SSRF #infosec
More on our website: https://lnkd.in/exgvAuf9
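Added worked example (not from the original post, and not the axios project's own code): a plain-Node re-creation of the URL handling described above, showing how a //host/path value bypasses baseURL in the affected versions, why 1.7.4+ rejects it on the server, and an interim validator for the "can't upgrade yet" case. The helper logic is modelled on axios' isAbsoluteURL, combineURLs and buildFullPath and on the Node adapter's URL resolution; the exact expressions are an assumption, not copied from axios. The hostnames (api.internal, attacker.example) are constructed sample input.

```javascript
// Added example: models the axios URL handling behind CVE-2024-39338.
// Helper logic is modelled on axios' helpers (assumption, not copied).
// Sample hosts api.internal / attacker.example are constructed input.

// Modelled on axios' isAbsoluteURL: an optional scheme followed by "//"
// counts as absolute, so "//host/path" is "absolute" even with no scheme.
// This is the root of the baseURL bypass.
function isAbsoluteURL(url) {
  return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url);
}

// Modelled on axios' combineURLs: join baseURL and a relative path.
function combineURLs(baseURL, relativeURL) {
  return relativeURL
    ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '')
    : baseURL;
}

// Modelled on axios' buildFullPath: an "absolute" URL ignores baseURL.
function buildFullPath(baseURL, requestedURL) {
  if (baseURL && !isAbsoluteURL(requestedURL)) {
    return combineURLs(baseURL, requestedURL);
  }
  return requestedURL;
}

// Affected behaviour (1.3.2 to 1.7.3, as the post describes it): the Node
// adapter resolved the full path against a fixed http://localhost base, so a
// protocol-relative value picks up "http:" and targets the attacker's host.
function resolveAffected(baseURL, url) {
  return new URL(buildFullPath(baseURL, url), 'http://localhost').href;
}

// Fixed behaviour (1.7.4+): no base on the server. A protocol-relative value
// is not a valid absolute URL, so the WHATWG parser throws a TypeError
// (ERR_INVALID_URL in Node) and no request is made. Returns null then.
function resolveFixed(baseURL, url) {
  try {
    return new URL(buildFullPath(baseURL, url)).href;
  } catch (err) {
    if (err instanceof TypeError) return null;
    throw err;
  }
}

// Interim mitigation for versions you cannot upgrade yet: accept only a
// path that stays under baseURL. Rejects protocol-relative forms (//host),
// the backslash variant (/\host, which the URL parser treats like //host
// for http and https), anything carrying a scheme, and control characters.
function isSafePath(p) {
  if (typeof p !== 'string' || p.length === 0 || p.length > 2048) return false;
  if (/[\u0000-\u001f\u007f\s]/.test(p)) return false; // control chars / whitespace
  if (!p.startsWith('/')) return false;                // must be rooted
  if (/^\/[\/\\]/.test(p)) return false;               // "//" or "/\" => other host
  if (/^[a-z][a-z\d+\-.]*:/i.test(p)) return false;    // "http:", "file:", ...
  return true;
}

// Demonstration with constructed input.
const base = 'https://api.internal';
console.log('affected, benign  :', resolveAffected(base, '/users/1'));
console.log('affected, attack  :', resolveAffected(base, '//attacker.example/x'));
console.log('fixed, attack     :', resolveFixed(base, '//attacker.example/x'));
console.log('validator, attack :', isSafePath('//attacker.example/x'));
```

The validator is deliberately an allowlist on shape (one leading slash, no scheme, no control characters); it does not try to enumerate attacker tricks. Note that the backslash form only matters when no baseURL is set, because combineURLs strips the leading slash and keeps the request under the configured host, but on the affected versions resolveAffected(undefined, '/\\attacker.example/x') still lands on attacker.example.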