axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
{ "nvd_published_at": "2024-08-12T13:38:24Z", "github_reviewed_at": "2024-08-12T17:26:43Z", "severity": "HIGH", "cwe_ids": [ "CWE-918" ], "github_reviewed": true }