SSRF vulnerability in Axios #1217
Labels
Comments
thinkingserious
added
status: help wanted
|
Thank you for reporting this @huydoan2! |
|
This vulnerability has since been fixed on axios@0.21.1. Can you bump this dependency when you get a chance? |
matt-catellier
added a commit
to matt-catellier/sendgrid-nodejs
that referenced
this issue
Jan 5, 2021
Update axios to 0.21.1 to resolve SSRF outlined here sendgrid#1217
|
Thanks @shackbarth. I create a pull request with changes to review here @thinkingserious #1236 |
|
Any update on this? Will be resolved by this merge request #1239 |
|
fix has been published to npm as v7.4.1 |
|
Hey! I think we can close this issue :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Summary
The latest version of sendgrid-nodejs,
7.4.0is using axios0.19.2which contains a Server Side Request Forgery (SSRF) vulnerability. Currently there's no patch available from axios. Please update sendgrid-nodejs whenever the fixes are available.Axios tracking issue:
axios/axios#3369
Vulnerability report from Snyk:
https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
Technical details:
Note
@sendgrid/mail will also need to be updated when fixes are available.
The text was updated successfully, but these errors were encountered: