CVE-2020-28168

Published: 06/11/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Vulnerable Product

axios axios

siemens sinec ins 1.0

siemens sinec ins

Vendor Advisories

Debian Bug report logs - #975305
node-axios: CVE-2020-28168
Package: src:node-axios; Maintainer for src:node-axios is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 20 Nov 2020 09:03:01 UTC
Severity: important
Tags: securi ...

ICS Advisories

Github Repositories

I Found 2 Critical Vulnerabilities On FeedNext Open Source

FeedNext-2Vulns: I Found 2 Critical Vulnerabilities On FeedNext Open Source. The First one is CVE-2017-18381: Description: The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. The vulnerable section in the picture below - it's because MongoDB old version. Severity = Critical. The Second One

exploits
CVE | DESCRIPTION | LINK
CVE-2021-27582 | MITREid-Connect-mass-assignment(autobinding) | github.com/FB-Sec/Translation/blob/main/OAuth%E9%9A%90%E8%97%8F%E6%94%BB%E5%87%BB%E9%9D%A2%E5%88%86%E6%9E%90/OAuth%E9%9A%90%E8%97%8F%E6%94%BB%E5%87%BB%E9%9D%A2%E5%88%86%E6%9E%90.md
CVE-2021-26715 | MITREid-Connect-SSRF | github.com/FB-Sec/Translation/blob/main/OAuth%E9