User-controllable argument DATAVALtoMETHOD passed to Axios via internal handler $INNERFUNC. This could be a server-side request forgery. A user could call a restricted API or leak internal headers to an unauthorized party. Validate your user arguments against an allowlist of known URLs, or consider refactoring so that user-controlled data is not necessary. Likelihood: LOW Confidence: LOW CWE: - CWE-918: Server-Side Request Forgery (SSRF)
OWASP: - A10:2021 - Server-Side Request Forgery (SSRF)