2 matches found
CVE-2026-42042 Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy...
CVE-2025-62718
creationtimestamp| type| source ---|---|--- 2026-04-09 16:39:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ap6fdyn2z 2026-04-09 17:32:19+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-3p68-rc4w-qgx5 2026-04-10 05:55:04+00:00| seen|...