Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability: Server-Side Request Forgery (SSRF) in Axios #23152

Closed
olexii4 opened this issue Sep 17, 2024 · 1 comment · Fixed by eclipse-che/che-dashboard#1176
Closed

Security Vulnerability: Server-Side Request Forgery (SSRF) in Axios #23152

olexii4 opened this issue Sep 17, 2024 · 1 comment · Fixed by eclipse-che/che-dashboard#1176
Assignees
@olexii4
Labels
area/dashboard kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.

Comments

@olexii4
Copy link
Contributor

olexii4 commented Sep 17, 2024
edited
Loading

Is your enhancement related to a problem? Please describe

Server-Side Request Forgery (SSRF) in Axios, identified as GHSA-8hc4-vh64-cxmj.

This vulnerability affects Axios to versions 1.7.3, where path-relative URLs are incorrectly processed as protocol-relative URLs, leading to potential SSRF attacks.

Describe the solution you'd like

Upgrade libs:

  • Axios to v1.7.5
  • Webpack to v5.94.0
@olexii4 olexii4 added the kind/enhancement A feature request - must adhere to the feature request template. label Sep 17, 2024
@olexii4 olexii4 self-assigned this Sep 17, 2024
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 17, 2024
@olexii4
Copy link
Contributor Author

olexii4 commented Sep 17, 2024

Fixed with eclipse-che/che-dashboard#1176 and eclipse-che/che-dashboard#1178.

@olexii4 olexii4 closed this as completed Sep 17, 2024
This was referenced Sep 17, 2024
Merged
Merged
@olexii4 olexii4 added area/dashboard severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Sep 17, 2024
@olexii4 olexii4 moved this to ✅ Done in Eclipse Che Team A Backlog Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@olexii4 olexii4

Labels
area/dashboard kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.
Projects
Eclipse Che Team A Backlog
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: upgrade axios eclipse-che/che-dashboard
2 participants
@olexii4 @che-bot