Axios is vulnerable to a Server-Side Request Forgery attack caused by unexpected behaviour where requests for path relative URLs get processed as protocol relative URLs.
In package.json for Jovo Framework, axios is set to:
"axios": "^0.21.1",
Should be set to:
"axios": "^1.7.4",
Error Log
None
Your Environment
Jovo Framework version used: 4.6.2
Operating System: Windows 11 Pro
I'm submitting a...
Expected Behavior
Update to axios v1.7.4
https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
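The URL confusion described in this issue, seen from the defensive side as an added example (not code from axios, Jovo, or the issue author): a guard that resolves a caller-supplied path against a fixed base URL with Node's built-in WHATWG `URL` and rejects anything that leaves the base origin. The function names `resolveOnBaseOrigin` and `classify` and the `*.example.test` hosts are constructed for illustration.

```javascript
// Added example; names and hosts are constructed, not taken from axios or Jovo.

// Resolve a caller-supplied path against a fixed base URL and refuse any
// result that would send the request to a different origin.
function resolveOnBaseOrigin(baseURL, requestPath) {
  const base = new URL(baseURL);
  if (typeof requestPath !== 'string') {
    throw new TypeError('request path must be a string');
  }
  // The WHATWG parser drops tabs/newlines and, for http(s), treats "\" as "/".
  // Normalise the same way before looking at the prefix.
  const cleaned = requestPath.replace(/[\t\r\n]/g, '').trim().replace(/\\/g, '/');
  if (cleaned.startsWith('//')) {
    // A path must never carry its own authority, even one naming the same host.
    throw new Error('protocol-relative path rejected: ' + JSON.stringify(requestPath));
  }
  const resolved = new URL(requestPath, base);
  if (resolved.origin !== base.origin) {
    throw new Error('resolved origin ' + resolved.origin + ' differs from ' + base.origin);
  }
  return resolved.href;
}

// Run the guard over several paths and collect the outcome of each.
function classify(baseURL, paths) {
  return paths.map((p) => {
    try {
      return { path: p, ok: true, url: resolveOnBaseOrigin(baseURL, p) };
    } catch (err) {
      return { path: p, ok: false, reason: err.message };
    }
  });
}

const BASE = 'https://api.example.test/v1/';
const SAMPLES = [                    // constructed inputs
  'users/42',                        // path-relative: stays under /v1/
  '/users/42',                       // absolute path: same origin
  '//other.example.test/x',          // protocol-relative: names another host
  '/\\other.example.test/x',         // backslash form the parser reads as "//"
  'https://other.example.test/x',    // absolute URL to another origin
];

for (const r of classify(BASE, SAMPLES)) {
  console.log(r.ok ? 'ALLOW' : 'BLOCK', JSON.stringify(r.path), r.ok ? r.url : r.reason);
}
```

Run the check on the server side before the path reaches the HTTP client, so the result does not depend on which client version is installed.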