{"id":"CVE-2020-28168","details":"Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.","aliases":["GHSA-4w2v-q235-vp99"],"modified":"2026-05-18T05:53:26.980499405Z","published":"2020-11-06T20:15:13.163Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*","cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*"],"extracted_events":[{"fixed":"1.0"},{"last_affected":"1.0-sp1"}],"vendor_product":"siemens:sinec_ins"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"},{"type":"REPORT","url":"https://github.com/axios/axios/issues/3369"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/axios/axios","events":[{"introduced":"8d0b92b2678d96770304dd767cd05a59d37f12cf"},{"last_affected":"94ca24b5b23f343769a15f325693246e07c177d2"}],"database_specific":{"extracted_events":[{"introduced":"0.19.0"},{"last_affected":"0.21.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*"}}],"versions":["v0.21.0","v0.20.0","v0.20.0-0","v0.19.2","0.19.1","v0.19.1","v0.19.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28168.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}