Server-Side Request Forgery in axios #1942
Comments
There's pretty much nothing Inertia can do about this, since a fix for axios hasn't been released yet. Inertia's requirements would make it that the latest version is automatically installed. Also, the issue has to do with SSRF, so Inertia wouldn't be vulnerable, since it doesn't run on the server and therefore isn't susceptible to SSRF. Inertia only uses Axios client-side.
Audits don't account for production, it defaults to development. You'll (hopefully) get
@RobertBoes axios has now released a fix for this in 1.7.4: https://github.com/axios/axios/releases/tag/v1.7.4
@ladiladi A PR to update the dependency has been submitted here #1946. But Inertia's requirement of
Closed my PR #1946
npm audit report
axios >=1.3.2
Severity: high
Server-Side Request Forgery in axios - GHSA-8hc4-vh64-cxmj
node_modules/axios
@inertiajs/core >=1.0.15
Depends on vulnerable versions of axios
node_modules/@inertiajs/core
@inertiajs/vue3 >=1.0.15
Depends on vulnerable versions of @inertiajs/core
node_modules/@inertiajs/vue3
3 high severity vulnerabilities
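
As an added example (not code from this issue, axios or Inertia): a check that walks a `package-lock.json` and flags every installed copy of axios inside the range discussed here, taking `>=1.3.2` from the audit output and the fix in 1.7.4 from the comment above. The sample lockfile and the package names `legacy-client` and `patched-client` are constructed for illustration.

```javascript
// Affected range assembled from this page: the audit report lists axios >=1.3.2,
// and a later comment says the fix shipped in 1.7.4.
const FIRST_AFFECTED = "1.3.2";
const FIRST_FIXED = "1.7.4";

// Compare plain x.y.z versions numerically (so 1.10.0 > 1.7.4).
// Pre-release suffixes are ignored, which is a simplification.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, FIRST_AFFECTED) >= 0 &&
         compareVersions(version, FIRST_FIXED) < 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// report every installed copy of axios, including copies nested under other
// packages, which a look at the top-level node_modules/axios alone would miss.
function findAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/axios" || path.endsWith("/node_modules/axios")) {
      hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from the issue).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@inertiajs/core": { version: "1.0.15" },
    "node_modules/axios": { version: "1.7.2" },
    "node_modules/legacy-client/node_modules/axios": { version: "1.2.6" },
    "node_modules/patched-client/node_modules/axios": { version: "1.7.4" },
  },
};

console.log(findAxios(sampleLock));
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findAxios` in place of `sampleLock`.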