ID: GHSA-42XW-2XVC-QX8M
Type: github
Reporter: GitHub Advisory Database
Modified: 2020-08-31T18:39:11
Description
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Upgrade to 0.18.1 or later.
{"id": "GHSA-42XW-2XVC-QX8M", "bulletinFamily": "software", "title": "Denial of Service in axios", "description": "Versions of `axios` prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the `maxContentLength` property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to 0.18.1 or later.", "published": "2019-05-29T18:04:45", "modified": "2020-08-31T18:39:11", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://github.com/advisories/GHSA-42xw-2xvc-qx8m", "reporter": "GitHub Advisory Database", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2019-10742", "https://github.com/advisories/GHSA-42xw-2xvc-qx8m"], "cvelist": ["CVE-2019-10742"], "type": "github", "lastseen": "2020-08-31T21:57:38", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-10742"]}, {"type": "github", "idList": ["GHSA-42XW-2XVC-QX8M"]}], "modified": "2020-08-31T21:57:38", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-08-31T21:57:38", "rev": 2}, "vulnersScore": 5.2}, "affectedSoftware": [{"name": "axios", "operator": "lt", "version": "0.18.1"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T07:12:47", "description": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-07T19:29:00", "title": "CVE-2019-10742", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10742"], "modified": "2019-05-08T16:04:00", "cpe": ["cpe:/a:axios:axios:0.18.0"], "id": "CVE-2019-10742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10742", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:axios:axios:0.18.0:*:*:*:*:node.js:*:*"]}]}