axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
{ "nvd_published_at": "2024-08-12T13:38:24Z", "cwe_ids": [ "CWE-918" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-08-12T17:26:43Z" }