CVE-2024-39338: SSRF

Reference Links

• https://nvd.nist.gov/vuln/detail/CVE-2024-39338
• https://github.com/axios/axios/releases
• https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
• https://github.com/axios/axios/issues/6463
• https://github.com/axios/axios/pull/6539
• https://github.com/axios/axios/pull/6543
• https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
• https://github.com/axios/axios/releases/tag/v1.7.4
• https://github.com/advisories/GHSA-8hc4-vh64-cxmj (Advisory)
• https://www.ibm.com/support/pages/node/7182403 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• IBM-7182403

Frequently Asked Questions

• What is the severity of CVE-2024-39338?

  CVE-2024-39338 is classified as a medium severity vulnerability due to its potential for server-side request forgery.

• How do I fix CVE-2024-39338?

  To fix CVE-2024-39338, upgrade axios to version 1.7.4 or later.

• Which versions of axios are affected by CVE-2024-39338?

  Versions of axios from 1.3.2 to 1.7.3 are affected by CVE-2024-39338.

• What is the impact of CVE-2024-39338?

  The impact of CVE-2024-39338 includes the possible exposure of internal systems due to SSRF vulnerabilities.

• Is IBM Analytics Content Hub affected by CVE-2024-39338?

  Yes, IBM Analytics Content Hub versions up to and including 2.0 are affected by CVE-2024-39338.