axios <=1.14.0
Severity: critical
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF - https://github.com/advisories/GHSA-3p68-rc4w-qgx5
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain - https://github.com/advisories/GHSA-fvcv-3m26-pcqx
Package
@slack/web-api
SDK Version
@slack/[email protected]
Node.js Version
v24
Operating System
No response
Steps to Reproduce
npm install @slack/web-api
Expected Result
No vulnerabilities
Actual Result
critical vulnerability