
High Severity: axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL #121

@elawad

Hello,
We're seeing a high audit alert on CloudConvert, which uses Axios version 0.28.1.

CloudConvert version: 2.3.7

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ axios Requests Vulnerable To Possible SSRF and Credential    │
│               │ Leakage via Absolute URL                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.8.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cloudconvert                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cloudconvert > axios                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1102472                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

Could this possibly be patched up?
Thank you.
