New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Component Governance fails due to axios@0.20.0 #6702
Comments
jonthysell
added
bug
security
Pull requests that address a security vulnerability
labels
Dec 7, 2020
ghost
added
the
Needs: Triage 🔍
New issue that needs to be reviewed by the issue management team (label applied by bot)
label
Dec 7, 2020
chrisglein
removed
the
Needs: Triage 🔍
New issue that needs to be reviewed by the issue management team (label applied by bot)
label
Dec 11, 2020
As per axios/axios#3410, fix set to be released in |
@jonthysell is there an ETA on when |
It looks like |
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this issue
Jan 4, 2021
jonthysell
added a commit
that referenced
this issue
Jan 4, 2021
Appium support brings in axios. Appium support has updated to ^0.21.1 in their master, but have not published the fix. We can remove this resolution if we remove Appium. Closes #6702
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this issue
Jan 4, 2021
Appium support brings in axios. Appium support has updated to ^0.21.1 in their master, but have not published the fix. We can remove this resolution if we remove Appium. Closes microsoft#6702
jonthysell
added a commit
that referenced
this issue
Jan 4, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a
proxy by providing a URL that responds with a redirect to a restricted host or IP address.
The text was updated successfully, but these errors were encountered: