Created on 12 June 2025, about 2 months ago

We're currently using the latest version of the "Permission by Term" contrib module, and we noticed that it includes Axios v1.7.7 as a dependency. As you may be aware, this version has a known SSRF vulnerability (CVE-2025-27152) related to the allowAbsoluteUrls option.

To ensure continued security, we recommend upgrading to Axios v1.8.3 or later. If feasible, could you please update the dependency in the module or share any plans regarding this?

Happy to assist with testing or contribute a patch if needed.

Thanks for your work on this module!

Feature request
Status: Active
Version: 3.1
Component: Code
Created by: 🇮🇳 India Bhupendra_Raykhere indore mp
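
A lockfile check for the version threshold named in this issue, added here as an example; it is not part of the original post or the module's code. It assumes an npm `package-lock.json` with the lockfileVersion 2/3 `packages` map, and the sample lockfile and its package names are constructed for illustration.

```javascript
// Threshold taken from the issue text ("Axios v1.8.3 or later").
const MIN_AXIOS = "1.8.3";

// Parse "major.minor.patch" into numbers; a pre-release or build suffix is
// ignored, so "1.8.3-beta.1" is treated as 1.8.3 here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the lockfile's "packages" map and report every installed copy of
// axios (top-level or nested under another dependency) below minVersion.
// Entries with a missing or unparseable version are reported as well.
function findOutdatedAxios(lock, minVersion = MIN_AXIOS) {
  const min = parseVersion(minVersion);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match ".../node_modules/axios" exactly, not look-alike package names.
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    if (parsed === null || isOlder(parsed, min)) {
      findings.push({ path, version: meta.version ?? "unknown" });
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical package names, not the module's).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-module-assets" },
    "node_modules/axios": { version: "1.7.7" },
    "node_modules/example-client/node_modules/axios": { version: "1.8.3" },
    "node_modules/example-axios-wrapper": { version: "2.0.0" },
    "node_modules/example-legacy/node_modules/axios": { version: "0.21.1" },
  },
};

console.log(findOutdatedAxios(sampleLock));
```

Nested copies matter because a transitive dependency can pin its own older axios even after the top-level one is upgraded.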
