5 matches found
CVE-2026-44489
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...
CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...
Linux Distros Unpatched Vulnerability : CVE-2026-44489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are sti...
CVE-2026-44489 vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips, kubeflow-centraldashboard, kibana, unleash, opensearch-dashboards-fips, lerna, librechat, opensearch-dashboards, jitsucom-jitsu, prism...
CVE-2026-44489
creationtimestamp| type| source ---|---|--- 2026-05-29 06:31:28+00:00| published-proof-of-concept| https://github.com/axios/axios/security/advisories/GHSA-654m-c8p4-x5fp 2026-06-12 12:01:27+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mo3oxubhy325...