Lucene search

4638 matches found

Debian CVE
added 2026/04/09 2:31 p.m. | 2 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...

CVSS 9.9 | AI score 5.3 | EPSS 0.01186
Exploits: 1

Vulnrichment
added 2026/04/09 2:31 p.m. | 2 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...

CVSS 6.3 | AI score 5.7 | EPSS 0.01186
Exploits: 1 | References: 9

ATTACKERKB
added 2026/04/09 2:31 p.m. | 4 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go through the...

CVSS 9.3 | AI score 5.8 | EPSS 0.01186
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2026/04/09 2:31 p.m. | 20 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...

CVSS 6.3 | EPSS 0.01186
Exploits: 1 | References: 9

CVE
added 2026/04/09 2:31 p.m. | 697 views

CVE-2025-62718

Axios prior to 1.15.0 has a hostname normalization flaw when evaluating NO_PROXY rules. Requests to loopback addresses (e.g., localhost with a trailing dot or IPv6 [::1]) can bypass NO_PROXY and be routed through the configured proxy. This bypass enables potential proxy circumvention and SSRF aga...

CVSS 9.9 | AI score 5.7 | EPSS 0.01186
Exploits: 1 | References: 41 | Affected Software: 1

Positive Technologies
added 2026/04/09 12:0 a.m. | 9 views

PT-2026-32030

Name of the Vulnerable Software and Affected Versions axios versions prior to 1.15.0 axios versions prior to 0.3.1 Description The axios library is vulnerable to a gadget attack chain where prototype pollution in any third-party dependency can be escalated. This occurs because the library does no...

CVSS 10 | AI score 6.6 | EPSS 0.01815
Exploits: 5 | References: 264

Positive Technologies
added 2026/04/09 12:0 a.m. | 3 views

PT-2026-31616

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.0 Axios versions prior to 1.15.0 Description Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Because the software performs a literal string comparison instead of normalizing...

CVSS 9.9 | AI score 7.1 | EPSS 0.01186
Exploits: 1 | References: 285

CNNVD
added 2026/04/09 12:0 a.m. | 5 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.0 contained a security vulnerability, which was caused by improper handling of hostname normalization. This vulnerability could lead to proxy bypassing and server-side request forgery attacks...

CVSS 9.9 | AI score 6.6 | EPSS 0.01186
Exploits: 1 | References: 9

RedhatCVE
added 2026/04/08 5:6 p.m. | 2 views

CVE-2026-39865

A flaw was found in Axios, a promise-based HTTP client. A malicious server can exploit a state corruption bug within the HTTP/2 session cleanup logic, specifically in the Http2Sessions.getSession method. By initiating concurrent session closures, the server can trigger a control flow error, leadi...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 4

Github Security Blog
added 2026/04/08 3:51 p.m. | 8 views

Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Summary Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. This denial-of-service vulnerability affects axios versions prior to 1.13.2 when HTTP/2 is enabled. Details The vulnerability...

CVSS 5.9 | AI score 5.9 | EPSS 0.00731
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2026/04/08 3:51 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause the client process...

CVSS 8.2 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 2

Snyk
added 2026/04/08 3:51 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause th...

CVSS 8.2 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 2

EUVD
added 2026/04/08 3:51 p.m. | 3 views

EUVD-2026-20501

Axios HTTP/2 Session Cleanup State Corruption Vulnerability...

CVSS 5.9 | AI score 5.9 | EPSS 0.00731
Exploits: 1 | References: 3

OSV
added 2026/04/08 3:51 p.m. | 2 views

GHSA-QJ83-CQ47-W5F8 Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Summary Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. This denial-of-service vulnerability affects axios versions prior to 1.13.2 when HTTP/2 is enabled. Details The vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 5

NVD
added 2026/04/08 3:16 p.m. | 5 views

CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | EPSS 0.00731
Exploits: 1 | References: 3

OSV
added 2026/04/08 3:16 p.m. | 2 views

DEBIAN-CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | AI score 5.5 | EPSS 0.00731
Exploits: 1 | References: 1

UbuntuCve
added 2026/04/08 3:16 p.m. | 3 views

CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 2

OSV
added 2026/04/08 3:16 p.m. | 4 views

UBUNTU-CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/08 2:25 p.m. | 2 views

CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/08 2:25 p.m. | 6 views

CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 2 | Affected Software: 1