mailjet-rest is vulnerable to Server-Side Request Forgery (SSRF)
81
High Risk
The SDK issued HTTP requests without centralized checks on endpoint construction, transport policy, and header composition. Configurable base URLs and dynamic path segments could diverge from HTTPS-only Mailjet hosts, automatic redirects stayed enabled, and header values were not screened for newline characters. Representation and telemetry paths could also surface attacker-shaped strings without sanitization. The update introduces a dedicated guardrails layer that enforces TLS URLs and hostname expectations, disables redirects, validates headers for CRLF sequences, strictly encodes injected path pieces, and hardens logging and string surfaces against misleading content.
You are affected if you are using a version that falls within the vulnerable range.
mailjet-rest is vulnerable to Server-Side Request Forgery (SSRF) in versions 1.0.2 - 1.5.1.
Upgrade the mailjet-rest library to the patched version.
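The checks the description attributes to the guardrails layer (HTTPS-only URLs on expected hosts, CRLF screening of headers, strict encoding of path pieces) can be sketched as follows. This is an added example, not the mailjet-rest project's code; the function names, the `GuardrailError` class and the single-entry host allowlist are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit

# Assumption: the advisory says only "Mailjet hosts"; this allowlist is illustrative.
ALLOWED_HOSTS = frozenset({"api.mailjet.com"})


class GuardrailError(ValueError):
    """An outbound request would violate the transport policy."""


def check_base_url(base_url):
    """Return a normalized base URL, or raise unless it is https on an allowed host."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise GuardrailError("base URL must use https")
    if parts.username is not None or parts.password is not None:
        raise GuardrailError("userinfo in base URL is not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:  # exact match, so look-alike suffixes fail
        raise GuardrailError(f"host {host!r} is not allowed")
    if parts.port not in (None, 443):
        raise GuardrailError("unexpected port")
    # Rebuild from parsed parts so query, fragment and stray characters are dropped.
    return f"https://{host}{parts.path.rstrip('/')}"


def encode_segment(value):
    """Percent-encode one dynamic path piece so it cannot add or climb segments."""
    text = str(value)
    if text in ("", ".", ".."):
        raise GuardrailError("empty or dot path segment")
    return quote(text, safe="")  # safe="" also encodes "/"


def check_headers(headers):
    """Reject CR, LF or NUL in any header name or value."""
    for name, value in headers.items():
        if any(ch in "\r\n\x00" for ch in f"{name}{value}"):
            raise GuardrailError(f"control character in header {name!r}")
    return dict(headers)


def build_url(base_url, *segments):
    """Join a vetted base URL with individually encoded path segments."""
    return "/".join([check_base_url(base_url), *map(encode_segment, segments)])
```

When the resulting URL is sent with the `requests` library, passing `allow_redirects=False` covers the redirect part of the policy, so a 3xx response cannot move the call to another host.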