mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-16 11:23:10 +02:00
[Aikido] Fix critical issue in axios via minor version upgrade from 1.13.6 to 1.15.0 in frontend (#6092)
Upgrade axios to fix critical proxy bypass and SSRF vulnerabilities in hostname normalization that could allow attackers to reach protected internal services. ✅ There are no breaking changes <details> <summary>✅ 1 CVE resolved by this upgrade, including 1 critical 🚨 CVE</summary> <br> This PR will resolve the following CVEs: | Issue | Severity | Description | | --- | --- | --- | | <pre>[CVE-2025-62718](https://app.aikido.dev/issues/26490690/detail?groupId=70007#CVE-2025-62718)</pre> | <pre>🚨 CRITICAL</pre> | [axios] Axios fails to properly normalize hostnames when checking NO_PROXY rules, allowing requests to loopback addresses (localhost., [::1]) to bypass proxy protections and reach internal services. This enables proxy bypass and SSRF attacks against protected loopback or internal endpoints. | </details> Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com>
This commit is contained in:
co-authored by
aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com>
parent
11b26755a4
commit
60cc749e6a
@@ -55,7 +55,7 @@
|
||||
"@tauri-apps/plugin-shell": "^2.3.5",
|
||||
"@userback/widget": "^0.3.12",
|
||||
"autoprefixer": "^10.4.21",
|
||||
"axios": "^1.13.2",
|
||||
"axios": "^1.15.0",
|
||||
"d3": "^7.9.0",
|
||||
"globals": "^17.1.0",
|
||||
"i18next": "^25.5.2",
|
||||
|
||||
Reference in New Issue
Block a user