
4641 matches found

Cvelist
added 2026/04/24 5:36 p.m., 25 views

CVE-2026-42033 Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can silently intercept and modify every JSON response before the...

CVSS 7.4, EPSS 0.00838
Exploits: 1, References: 1
CVE
added 2026/04/24 5:36 p.m., 51 views

CVE-2026-42033

CVE-2026-42033 affects Axios, a promise-based HTTP client. Before versions 1.15.1 and 0.31.1, if Object.prototype is polluted by another dependency without a hasOwnProperty guard, an attacker could silently intercept/modify every JSON response or hijack the underlying HTTP transport to access cre...

CVSS 7.4, AI score 5.4, EPSS 0.00838
Exploits: 1, References: 39, Affected Software: 1
CNNVD
added 2026/04/24 12:00 a.m., 6 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 had security vulnerabilities. These vulnerabilities stemmed from the use of the transformResponse function during JSON parsing, where the parseReviver function from the merge configuration object was...

CVSS 9.1, AI score 5.8, EPSS 0.00586
Exploits: 1, References: 1
CNNVD
added 2026/04/24 12:00 a.m., 8 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise when Object.prototype is compromised, allowing attackers to silently intercept and modify each JSON response, or completely hijack the...

CVSS 7.4, AI score 5.8, EPSS 0.00838
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 5 views

PT-2026-35052

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: An attacker capable of influencing the target URL of a request can bypass the NO_PROXY protection by using any address in the 127.0.0.0/8 range, excluding 127.0.0.1...

CVSS 10, AI score 5.2, EPSS 0.00661
Exploits: 1, References: 7
Positive Technologies
added 2026/04/24 12:00 a.m., 6 views

PT-2026-35053

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.1. Description: Axios is a promise-based HTTP client for the browser and Node.js. The library is susceptible to a Prototype Pollution Gadget attack. This occurs because the default transformResponse function cal...

CVSS 9.1, AI score 5.8, EPSS 0.00586
Exploits: 1, References: 213
CNNVD
added 2026/04/24 12:00 a.m., 8 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities allow attackers to influence the target URL of Axios requests, enabling them to bypass the NO_PROXY protection by using any address within the...

CVSS 10, AI score 5.8, EPSS 0.00661
Exploits: 1, References: 1
CNNVD
added 2026/04/24 12:00 a.m., 10 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the recursive traversal of nested objects in toFormData, which allows for unlimited depth of nested values. This can lead to Node.js...

CVSS 7.5, AI score 5.8, EPSS 0.00744
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 5 views

PT-2026-35049

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: The toFormData function recursively processes nested objects without a depth limit. Consequently, providing a deeply nested value as request data can cause the Node.js...

CVSS 7.5, AI score 5.8, EPSS 0.00744
Exploits: 1, References: 265
Positive Technologies
added 2026/04/24 12:00 a.m., 5 views

PT-2026-35045

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.31.1; Axios versions prior to 1.15.1. Description: For stream request bodies, the maxBodyLength limit is bypassed when maxRedirects is set to 0 using the native http/https transport path. This allows oversized streamed...

CVSS 5.3, AI score 5.8, EPSS 0.00327
Exploits: 1, References: 7
CNNVD
added 2026/04/24 12:00 a.m., 10 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the XSRF token protection logic, which uses JavaScript truthy/falsy semantics instead of strict boolean comparisons. This leads ...

CVSS 5.4, AI score 5.8, EPSS 0.00228
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 7 views

PT-2026-35048

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.31.1; Axios versions prior to 1.15.1. Description: An incomplete fix for the no_proxy hostname normalization bypass allows requests to 127.0.0.1 and ::1 to route through a proxy even when no_proxy=localhost is configured. Th...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits: 1, References: 8
CNNVD
added 2026/04/24 12:00 a.m., 6 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise from using responseType set to stream, causing Axios to return response streams without enforcing maxContentLength, thereby bypassing the...

CVSS 5.3, AI score 5.8, EPSS 0.00421
Exploits: 1, References: 1
CNNVD
added 2026/04/24 12:00 a.m., 7 views

Axios code issue vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.1 and 0.31.1 have code vulnerabilities. These vulnerabilities stem from incomplete fixes for no_proxy hostname normalization, allowing requests to 127.0.0.1 and ::1 to still be routed through a proxy...

CVSS 7.5, AI score 5.9, EPSS 0.00301
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 7 views

PT-2026-35044

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.31.1; Axios versions prior to 1.15.1. Description: The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap that reverses the safe percent-encoding of null bytes. While...

CVSS 3.7, AI score 5.8, EPSS 0.00217
Exploits: 1, References: 7
Positive Technologies
added 2026/04/24 12:00 a.m., 4 views

PT-2026-35051

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.31.1; Axios versions prior to 1.15.1. Description: The XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is...

CVSS 5.4, AI score 5.1, EPSS 0.00228
Exploits: 1, References: 8
Positive Technologies
added 2026/04/24 12:00 a.m., 6 views

PT-2026-35046

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: When the responseType variable is set to 'stream', the software returns the response stream without enforcing maxContentLength. This allows unbounded downstream...

CVSS 5.3, AI score 5.8, EPSS 0.00421
Exploits: 1, References: 7
Positive Technologies
added 2026/04/24 12:00 a.m., 6 views

PT-2026-35047

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.0. Description: The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates the value.type property directly into the Content-Type header of each multipart part without sanitizing CRLF carriage...

CVSS 5.3, AI score 5.9, EPSS 0.0024
Exploits: 1, References: 8
CNNVD
added 2026/04/24 12:00 a.m., 9 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from a character mapping in the encode function, where null bytes that had been safely percent-encoded are reversed back to their origin...

CVSS 3.7, AI score 5.8, EPSS 0.00217
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 3 views

PT-2026-35043

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: A prototype pollution gadget exists in the HTTP adapter located in 'lib/adapters/http.js'. This issue occurs due to duck-type checking of the data payload. If...

CVSS 7.4, AI score 5.9, EPSS 0.00394
Exploits: 1, References: 6