Skip to content

fix(sec): disregard protocol-relative URL to remediate SSRF#6539

Merged
jasonsaayman merged 5 commits into
axios:v1.xfrom
hainenber:resolve-cve-2024-39338
Aug 13, 2024
Merged

fix(sec): disregard protocol-relative URL to remediate SSRF#6539
jasonsaayman merged 5 commits into
axios:v1.xfrom
hainenber:resolve-cve-2024-39338

Conversation

@hainenber

Copy link
Copy Markdown
Contributor

Closes #6463

Disregard protocol-relative URLs when building canonical URLs to avoid SSRF from protocol hijacking

Signed-off-by: hainenber <dotronghai96@gmail.com>
…OS-7361793 fixed in future version

Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber

Copy link
Copy Markdown
Contributor Author

Regression test added

@hainenber
hainenber marked this pull request as ready for review August 12, 2024 16:39
Signed-off-by: hainenber <dotronghai96@gmail.com>
@lui7henrique

lui7henrique commented Aug 12, 2024

Copy link
Copy Markdown

vamo aprovar ai galera bora

@pargon

pargon commented Aug 12, 2024

Copy link
Copy Markdown

Komaan vriend, die gemeenskap wag

@bhaugeea

Copy link
Copy Markdown

Komaan vriend, die gemeenskap wag

It's the middle of the night for the unpaid maintainer in South Africa.

Signed-off-by: hainenber <dotronghai96@gmail.com>

@AnkitTajpara AnkitTajpara left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me!
please merge ASAP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Server-Side Request Forgery Vulnerability (CVE-2024-39338)