Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 3:33 p.m.10 views

CVE-2026-44495 Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.3AI score0.00495EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 3:33 p.m.1 views

CVE-2026-44495 Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.9AI score0.00495EPSS
Exploits0References30
CVE
CVE
added 2026/06/11 3:33 p.m.120 views

CVE-2026-44495

Axios versions from 0.19.0 through before 0.31.1 and 1.15.2 contain prototype-pollution gadgets in request config processing. If another vulnerability has polluted Object.prototype.transformResponse earlier in the same JS process, the polluted value may be treated as request config or an option v...

7CVSS5.5AI score0.00495EPSS
Exploits0References28
OSV
OSV
added 2026/05/29 4:7 p.m.13 views

GHSA-3G43-6GMG-66JW axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Summary Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request...

7CVSS6.1AI score0.00495EPSS
Exploits0References3
Rows per page
Query Builder