Skip to content

fix(sec): disregard protocol-relative URL to remediate SSRF#6539

Merged
jasonsaayman merged 5 commits intoaxios:v1.xfrom
hainenber:resolve-cve-2024-39338
Aug 13, 2024
Merged

fix(sec): disregard protocol-relative URL to remediate SSRF#6539
jasonsaayman merged 5 commits intoaxios:v1.xfrom
hainenber:resolve-cve-2024-39338

Conversation

@hainenber
Copy link
Contributor

@hainenber hainenber commented Aug 12, 2024

Closes #6463

Disregard protocol-relative URLs when building canonical URLs to avoid SSRF from protocol hijacking

@hainenber
Copy link
Contributor Author

hainenber commented Aug 12, 2024

Regression test added

@hainenber hainenber marked this pull request as ready for review August 12, 2024 16:39
@lui7henrique
Copy link

lui7henrique commented Aug 12, 2024
edited
Loading

vamo aprovar ai galera bora

@pargon
Copy link

pargon commented Aug 12, 2024

Komaan vriend, die gemeenskap wag

@bhaugeea
Copy link

bhaugeea commented Aug 12, 2024

Komaan vriend, die gemeenskap wag

It's the middle of the night for the unpaid maintainer in South Africa.

@hainenber
chore: fix eslint issues
c65c9fc 
Signed-off-by: hainenber <[email protected]>
@sumitsuthar sumitsuthar mentioned this pull request Aug 13, 2024
Closed
@KentaHizume KentaHizume mentioned this pull request Aug 13, 2024
Closed
1 task
@perry-mitchell perry-mitchell mentioned this pull request Aug 13, 2024
Closed
AnkitTajpara
AnkitTajpara approved these changes Aug 13, 2024
View reviewed changes
Copy link

@AnkitTajpara AnkitTajpara left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me!
please merge ASAP.

@pradumchintamani pradumchintamani mentioned this pull request Oct 30, 2024
Open
@rajadileepkolli rajadileepkolli mentioned this pull request Oct 30, 2024
Closed
@Niaz-estefaie Niaz-estefaie mentioned this pull request Oct 30, 2024
Open
@Erenkrs Erenkrs mentioned this pull request Oct 30, 2024
Open
@Blue09101991 Blue09101991 mentioned this pull request Oct 30, 2024
Open
@codingdud codingdud mentioned this pull request Oct 31, 2024
Open
@Sharifoff Sharifoff mentioned this pull request Nov 1, 2024
Open
@rohanssalunkhe rohanssalunkhe mentioned this pull request Nov 1, 2024
Merged
@jul1oCesar0 jul1oCesar0 mentioned this pull request Nov 2, 2024
Open
@earthiverse earthiverse mentioned this pull request Nov 2, 2024
Merged
@dolevmiz1 dolevmiz1 mentioned this pull request Nov 2, 2024
Merged
@jakejack13 jakejack13 mentioned this pull request Nov 2, 2024
Closed
@PietroBossolasco PietroBossolasco mentioned this pull request Nov 3, 2024
Open
@leonardoGit99 leonardoGit99 mentioned this pull request Nov 5, 2024
Open
@nejidevelops nejidevelops mentioned this pull request Nov 6, 2024
Open
@bhat-abhishek bhat-abhishek mentioned this pull request Nov 6, 2024
Open
@pradumchintamani pradumchintamani mentioned this pull request Nov 6, 2024
Open
@Erenkrs Erenkrs mentioned this pull request Nov 6, 2024
Open
@MikeTeddyOmondi MikeTeddyOmondi mentioned this pull request Nov 6, 2024
Closed
@ClovisBN ClovisBN mentioned this pull request Nov 7, 2024
Open
@Matas-V Matas-V mentioned this pull request Nov 8, 2024
Open
@snyk-io snyk-io bot mentioned this pull request Nov 9, 2024
Merged
@aurelienfvre aurelienfvre mentioned this pull request Nov 10, 2024
Open
@caniszczyk caniszczyk mentioned this pull request Nov 10, 2024
Closed
@blacklight blacklight mentioned this pull request Nov 11, 2024
Merged
@lunoon lunoon mentioned this pull request Nov 12, 2024
Closed
@Niaz-estefaie Niaz-estefaie mentioned this pull request Nov 12, 2024
Open
@pradumchintamani pradumchintamani mentioned this pull request Nov 13, 2024
Open
This was referenced Oct 27, 2025
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

137 more reviewers

@maratsh maratsh maratsh approved these changes

@Alexey-Lukin Alexey-Lukin Alexey-Lukin approved these changes

@pau1phi11ips pau1phi11ips pau1phi11ips approved these changes

@krusche krusche krusche approved these changes

@andrewRichardson andrewRichardson andrewRichardson approved these changes

@TruDan TruDan TruDan approved these changes

@manzan46 manzan46 manzan46 approved these changes

@dimitribrisset dimitribrisset dimitribrisset approved these changes

@Aaron-Durant Aaron-Durant Aaron-Durant approved these changes

@nuno-morais nuno-morais nuno-morais approved these changes

@khawerrind khawerrind khawerrind approved these changes

@picq picq picq approved these changes

@eduardoborges eduardoborges eduardoborges approved these changes

@Puppo Puppo Puppo approved these changes

@melisiweb melisiweb melisiweb approved these changes

@magnusburton magnusburton magnusburton approved these changes

@tungomedia tungomedia tungomedia approved these changes

@kkanyingi kkanyingi kkanyingi approved these changes

@rbrazhnyk rbrazhnyk rbrazhnyk approved these changes

@felixveysseyre felixveysseyre felixveysseyre approved these changes

@dBiazioli dBiazioli dBiazioli approved these changes

@amin3mej amin3mej amin3mej approved these changes

@parthjmistry parthjmistry parthjmistry approved these changes

@apvale apvale apvale approved these changes

@Benimation Benimation Benimation approved these changes

@Artsm3iH Artsm3iH Artsm3iH approved these changes

@thereis thereis thereis approved these changes

@joaolrpaulo joaolrpaulo joaolrpaulo approved these changes

@tom-reinders tom-reinders tom-reinders approved these changes

@sergiolib sergiolib sergiolib approved these changes

@Philip-Carneiro Philip-Carneiro Philip-Carneiro approved these changes

@ckcr4lyf ckcr4lyf ckcr4lyf approved these changes

@fanhousanbu fanhousanbu fanhousanbu approved these changes

@Micky2149 Micky2149 Micky2149 approved these changes

@alejo-0204 alejo-0204 alejo-0204 approved these changes

@jmfennell jmfennell jmfennell approved these changes

@pargon pargon pargon approved these changes

@damianrebolo damianrebolo damianrebolo approved these changes

@richardweb23 richardweb23 richardweb23 approved these changes

@shawara shawara shawara approved these changes

@Jojr Jojr Jojr approved these changes

@werdes72 werdes72 werdes72 approved these changes

@DamienGdn DamienGdn DamienGdn approved these changes

@kevinkasper kevinkasper kevinkasper approved these changes

@JosueMOsunaG12 JosueMOsunaG12 JosueMOsunaG12 approved these changes

@pinussilvestrus pinussilvestrus pinussilvestrus approved these changes

@andreiculda andreiculda andreiculda approved these changes

@alexile alexile alexile approved these changes

@wmhafiz wmhafiz wmhafiz approved these changes

@muddahany muddahany muddahany approved these changes

@timdavish timdavish timdavish approved these changes

@chunkhang chunkhang chunkhang approved these changes

@cata-on cata-on cata-on approved these changes

@alinawww alinawww alinawww approved these changes

@enigmatt-pl enigmatt-pl enigmatt-pl approved these changes

@jacktomlinson jacktomlinson jacktomlinson approved these changes

@kieranbarlow kieranbarlow kieranbarlow approved these changes

@lcruz09 lcruz09 lcruz09 approved these changes

@marklai1998 marklai1998 marklai1998 approved these changes

@anatolie-darii anatolie-darii anatolie-darii approved these changes

@run-crash-run run-crash-run run-crash-run approved these changes

@manuelc2209 manuelc2209 manuelc2209 approved these changes

@rocoradi rocoradi rocoradi approved these changes

@mandy8055 mandy8055 mandy8055 approved these changes

@kristof-siket kristof-siket kristof-siket approved these changes

@JochemvanHout JochemvanHout JochemvanHout approved these changes

@castlerock-org-uk castlerock-org-uk castlerock-org-uk approved these changes

@gkonuralp gkonuralp gkonuralp approved these changes

@Core-entin Core-entin Core-entin approved these changes

@lukecurtis93 lukecurtis93 lukecurtis93 approved these changes

@kurroo10 kurroo10 kurroo10 approved these changes

@kantivekariya kantivekariya kantivekariya approved these changes

@NicholasTing NicholasTing NicholasTing approved these changes

@cem-ergin cem-ergin cem-ergin approved these changes

@sirajeddineaissa sirajeddineaissa sirajeddineaissa approved these changes

@Thejus-Paul Thejus-Paul Thejus-Paul approved these changes

@simonmrog simonmrog simonmrog approved these changes

@andreirogobete andreirogobete andreirogobete approved these changes

@maaaathis maaaathis maaaathis approved these changes

@Lfkoshe4rt Lfkoshe4rt Lfkoshe4rt approved these changes

@bkrmadtya bkrmadtya bkrmadtya approved these changes

@ninicdennis ninicdennis ninicdennis approved these changes

@michaelcozzolino michaelcozzolino michaelcozzolino approved these changes

@rymnc rymnc rymnc approved these changes

@domisProgrammingMemes domisProgrammingMemes domisProgrammingMemes approved these changes

@Lucasnhso Lucasnhso Lucasnhso approved these changes

@thoughtlessmind thoughtlessmind thoughtlessmind approved these changes

@1nurav 1nurav 1nurav approved these changes

@tzaitsev-rl tzaitsev-rl tzaitsev-rl approved these changes

@HeyThisHaku HeyThisHaku HeyThisHaku approved these changes

@TheSWHero TheSWHero TheSWHero approved these changes

@josejimenez-swipejobs josejimenez-swipejobs josejimenez-swipejobs approved these changes

@dalideco dalideco dalideco approved these changes

@tateccf tateccf tateccf approved these changes

@Raymond-Ly Raymond-Ly Raymond-Ly approved these changes

@anusha-c18 anusha-c18 anusha-c18 approved these changes

@undeparg undeparg undeparg approved these changes

@IndiGan IndiGan IndiGan approved these changes

@Agada-nonet Agada-nonet Agada-nonet approved these changes

@gcagle3 gcagle3 gcagle3 approved these changes

@canblt canblt canblt approved these changes

@AnkitTajpara AnkitTajpara AnkitTajpara approved these changes

@pdykmann96 pdykmann96 pdykmann96 approved these changes

@abukati abukati abukati approved these changes

@rjcodedev rjcodedev rjcodedev approved these changes

@dgilmanAIDENTIFIED dgilmanAIDENTIFIED dgilmanAIDENTIFIED approved these changes

@puneet-banknovo puneet-banknovo puneet-banknovo approved these changes

@Kryvchun Kryvchun Kryvchun approved these changes

@antonioavelarfidel antonioavelarfidel antonioavelarfidel approved these changes

@spperforce spperforce spperforce approved these changes

@mohammadnadimi mohammadnadimi mohammadnadimi approved these changes

@sb-prateekkeerthi sb-prateekkeerthi sb-prateekkeerthi approved these changes

@aleksandriachmenev aleksandriachmenev aleksandriachmenev approved these changes

@jhoownogueira jhoownogueira jhoownogueira approved these changes

@Nonines Nonines Nonines approved these changes

@TurtleCode84 TurtleCode84 TurtleCode84 approved these changes

@jemil-neuffer jemil-neuffer jemil-neuffer approved these changes

@tiago-m-rodrigues-alb tiago-m-rodrigues-alb tiago-m-rodrigues-alb approved these changes

@vkumar-forbes vkumar-forbes vkumar-forbes approved these changes

@EbrahimKashif EbrahimKashif EbrahimKashif approved these changes

@SebastianPMaro SebastianPMaro SebastianPMaro approved these changes

@myroslav-amici myroslav-amici myroslav-amici approved these changes

@ValTashkov ValTashkov ValTashkov approved these changes

@kraval-forbesadvisor kraval-forbesadvisor kraval-forbesadvisor approved these changes

@VitorMeloDarwin VitorMeloDarwin VitorMeloDarwin approved these changes

@nicholastingcw nicholastingcw nicholastingcw approved these changes

@YepHereWeGo YepHereWeGo YepHereWeGo approved these changes

@marisuxma marisuxma marisuxma approved these changes

@Coolchickenguy Coolchickenguy Coolchickenguy approved these changes

@Prajwal-P-Churi Prajwal-P-Churi Prajwal-P-Churi approved these changes

@bcimen-neuffer bcimen-neuffer bcimen-neuffer approved these changes

@karl-audi-abi karl-audi-abi karl-audi-abi approved these changes

@simon-bridgeford simon-bridgeford simon-bridgeford approved these changes

@fe-torres-darwin fe-torres-darwin fe-torres-darwin approved these changes

@vini-darwin vini-darwin vini-darwin approved these changes

@WvKuipersVisma WvKuipersVisma WvKuipersVisma approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Server-Side Request Forgery Vulnerability (CVE-2024-39338)