Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-28168: Requests that follow a redirect are not passing via the proxy · Issue #3369 · axios/axios

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

CVE
#vulnerability#ios#google#nodejs#js#ssrf#auth

Describe the bug

In cases where axios is used by servers to perform http requests to user-supplied urls, a proxy is commonly used to protect internal networks from unauthorized access and SSRF. This bug enables an attacker to bypass the proxy by providing a url that responds with a redirect to a restricted host/ip.

To Reproduce

The following code spawns a proxy server that always responds with a 302 redirect, so requests should never reach the target url, however, axios is only reaching the proxy once, and bypassing the proxy after the redirect response.

https://runkit.com/embed/1df5qy8lbgnc

const axios = require(‘axios’) const http = require(‘http’)

const PROXY_PORT = 8080

// A fake proxy server http.createServer(function (req, res) { res.writeHead(302, {location: 'http://example.com’}) res.end() }).listen(PROXY_PORT)

axios({ method: "get", url: "http://www.google.com/", proxy: { host: "localhost", port: PROXY_PORT, }, }) .then(® => console.log(r.data)) .catch(console.error)

The response is the rendered html of http://example.com

Expected behavior

All the requests should pass via the proxy. In the provided scenario, there should be a redirect loop.

Environment

  • Axios Version [0.21.0]
  • Node.js Version [v12.18.2]

Additional context/Screenshots

Add any other context about the problem here. If applicable, add screenshots to help explain.

Related news

CVE-2022-26869: DSA-2022-014: Dell EMC PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907