Lucene search

K
cvelistMitreCVELIST:CVE-2023-45857
HistoryNov 08, 2023 - 12:00 a.m.

CVE-2023-45857

2023-11-0800:00:00
mitre
www.cve.org
7
axios
xsrf-token
cookies
http header
security issue
information disclosure

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

22.9%

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.