16 matches found
Security Bulletin: Multiple vulnerabilties in IBM Rational Functional Tester / DevOps Test UI
Summary Multiple vulnerabilities were addressed in DevOps Test UI version 11.0.7 Vulnerability Details CVEID:CVE-2024-53990 DESCRIPTION: The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...
solspace/craft-freeform Has a DoS Vulnerability
Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...
GHSA-58Q2-9X27-H2JM solspace/craft-freeform Has a DoS Vulnerability
Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...
Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios
Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential dential of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754.
Summary IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client fo...
DoS (Denial of Service) axios Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) axios Dependency in Jira Software Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)
Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...
Security Bulletin: Multiple Vulnerabilities in IBM QRadar Deployment Intelligence app
Summary Multiple vulnerabilities were addressed in IBM QRadar Deployment Intelligence app 3.0.19 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...
Security Bulletin: URI Handling Vulnerability Causes Unbounded Memory Allocation (DoS)
Summary Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and return...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.j...
Security Bulletin: IBM DataPower vulnerable to a Denial of Service due to Axios (CVE-2025-58754)
Summary Axios is used in the UI of IBM DataPower and in the gateway director component. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2...
CVE-2025-58754 vulnerabilities
Vulnerabilities for packages: lerna, grafana-image-renderer, prism, kibana, kubeflow-pipelines, jitsucom-jitsu, opensearch-dashboards, airflow, langfuse, tileserver-gl-fips, kubeflow-centraldashboard, saf, redisinsight, opensearch-dashboards-fips, tileserver-gl...
CVE-2025-58754
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
@0xjwlabs/discord-rpc (=0.1.0), @0xsquid/react-hooks (>=1.0.0 <=2.0.0) +690 more potentially affected by CVE-2025-58754 via axios (>=0.28.0 <=0.30.1)
axios NPM version =0.28.0, =1.0.0, =3.0.0-beta.0, =2.10.1, =1.0.0, =0.1.0, =13.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =16.5.4 and more Source cves: CVE-2025-58754 Source advisory: OSV:GHSA-4HJH-WCWX-XVWJ...