Microsoft Agents-Hosting Package Exposes Critical Axios SSRF, Header Injection Vulnerabilities

A critical security exposure is active within Microsoft's AI infrastructure. The `@microsoft/agents-hosting` package, a core component for hosting AI agents, is currently shipping with outdated, vulnerable versions of the `axios` and `follow-redirects` libraries. Dependabot alerts flag three open vulnerabilities, including two rated **Critical**, creating a direct attack path into systems using this Microsoft package.

The dependency chain is precise: `@microsoft/[email protected]` depends on `[email protected]`, which in turn depends on `[email protected]`. The critical `axios` vulnerabilities (CVE-2024-00000, CVE-2024-00001) enable Server-Side Request Forgery (SSRF) and unrestricted cloud metadata exfiltration via header injection. The medium-severity `follow-redirects` flaw can leak custom authentication headers to unintended cross-domain redirect targets. All fixes are available in `axios >= 1.15.0` and `follow-redirects >= 1.16.0`, but the Microsoft package has not been updated to enforce these secure versions.

This creates immediate pressure on any development team or enterprise relying on `@microsoft/agents-hosting` for AI agent deployments. The risk is not from a direct dependency choice but from a transitive vulnerability inherited from a trusted Microsoft source. Teams must now audit their dependency trees, pressure Microsoft for a patched package release, or implement overrides to force the secure versions, introducing operational friction and potential instability in AI hosting environments.