CVE-2024-39338: SSRF

Q: What is the severity of CVE-2024-39338?

CVE-2024-39338 is classified as a medium severity vulnerability due to its potential for server-side request forgery.

Q: How do I fix CVE-2024-39338?

To fix CVE-2024-39338, upgrade axios to version 1.7.4 or later.

Q: Which versions of axios are affected by CVE-2024-39338?

Versions of axios from 1.3.2 to 1.7.3 are affected by CVE-2024-39338.

Q: What is the impact of CVE-2024-39338?

The impact of CVE-2024-39338 includes the possible exposure of internal systems due to SSRF vulnerabilities.

Q: Is IBM Analytics Content Hub affected by CVE-2024-39338?

Yes, IBM Analytics Content Hub versions up to and including 2.0 are affected by CVE-2024-39338.

Published Aug 9, 2024

Updated

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Affected Software

3 affected componentsFixes available

npm/axios>=1.3.2<=1.7.3

1.7.4

Axios Axios Node.js>=1.3.2<1.7.4

IBM Concert Software<=1.0.0-2.1.0

Event History

Aug 9, 2024

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Aug 12, 2024

Advisory Published

via GitHub·03:30 PM

Feb 10, 2026

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Frequently Asked Questions

What is the severity of CVE-2024-39338?

CVE-2024-39338 is classified as a medium severity vulnerability due to its potential for server-side request forgery.

How do I fix CVE-2024-39338?

To fix CVE-2024-39338, upgrade axios to version 1.7.4 or later.

Which versions of axios are affected by CVE-2024-39338?

Versions of axios from 1.3.2 to 1.7.3 are affected by CVE-2024-39338.

What is the impact of CVE-2024-39338?

The impact of CVE-2024-39338 includes the possible exposure of internal systems due to SSRF vulnerabilities.

Is IBM Analytics Content Hub affected by CVE-2024-39338?

Yes, IBM Analytics Content Hub versions up to and including 2.0 are affected by CVE-2024-39338.

CVSS Score

4.0Medium

Medium Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Security Metrics

Risk Score45

Severityhigh(7.5)

CWE

918

Timeline

PublishedAug 9, 2024

Updated

References

Parent Advisories

IBM-7260161

Tags

agent/typeagent/first-publish-dateagent/authoragent/weaknesscollector/github-advisory-latestsource/GitHubalias/GHSA-8hc4-vh64-cxmjalias/CVE-2024-39338agent/software-canonical-lookupcollector/mitre-cvesource/MITREagent/severitycollector/github-advisoryagent/trendingagent/descriptionagent/sourcecollector/nvd-cvesource/NVDagent/software-canonical-lookup-requestcollector/nvd-apiagent/risk-scorecollector/ibm-supportsource/IBMagent/last-modified-dateagent/referencesagent/tagsagent/eventagent/softwarecombinepackage-manager/npmvendor/axioscanonical/axios axios node.jsversion/axios axios node.js/1.3.2vendor/ibmcanonical/ibm concert softwareversion/ibm concert software/1.0.0-2.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.