4 matches found
EUVD-2026-25588
Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking...
Prototype Pollution
Axios is vulnerable to Prototype Pollution. The vulnerability is due to missing hasOwnProperty checks when reading object properties, which allows an attacker to exploit polluted prototypes to intercept and modify JSON responses or hijack HTTP transport, gaining access to sensitive request data...
CVE-2026-42033
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...
PT-2026-35042
Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 Description An issue exists where the software reads keys from Object.prototype without a hasOwnProperty guard. If a co-dependency pollutes the Object.prototype, an attacker can...