Lucene search
K

38 matches found

OSV
OSV
added 2026/06/11 5:16 p.m.3 views

UBUNTU-CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0063EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/11 3:37 p.m.6 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0063EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/11 3:37 p.m.18 views

CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 3:37 p.m.8 views

EUVD-2026-36261

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/04 2:21 p.m.185 views

Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/06/04 2:21 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:21 p.m.6 views

GHSA-777C-7FJR-54VF Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/04 2:21 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References2
OSV
OSV
added 2026/05/16 11:54 p.m.10 views

MGASA-2026-0146 Updated haproxy packages fix security vulnerability

The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.13 views

Node.js Module axios < 1.15.1 Multiple Vulnerabilities

The version of the axios Node.js module installed on the remote host is prior to 1.15.1. It is, therefore, affected by multiple vulnerabilities: - Prototype pollution gadgets in axios allow response tampering, data exfiltration, and request hijacking. CVE-2026-42033 - Axios' HTTP adapter-streamed...

10CVSS6.6AI score0.01186EPSS
Exploits8References14
RedhatCVE
RedhatCVE
added 2026/05/05 8:58 a.m.13 views

CVE-2026-42034

A flaw was found in Axios. A remote attacker can exploit this vulnerability by sending oversized streamed uploads. This occurs when the maxRedirects setting is configured to 0, which bypasses the maxBodyLength limit for stream request bodies. Consequently, the system will process the full oversiz...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/05/05 12:33 a.m.7 views

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 12:33 a.m.12 views

Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

Summary For stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits. Details Relevant flow in lib/adapters/http.js: - 556-564: maxBodyLength check applie...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 12:33 a.m.8 views

EUVD-2026-25601

Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 12:33 a.m.8 views

GHSA-5C9X-8GCM-MPGX Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

Summary For stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits. Details Relevant flow in lib/adapters/http.js: - 556-564: maxBodyLength check applie...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References3
Veracode
Veracode
added 2026/04/30 5:14 a.m.18 views

Stream Request Bypass

Axios is vulnerable to Stream Request Bypass. The vulnerability is due to the bypassing of maxBodyLength when maxRedirects is set to 0 for stream request bodies, where oversized streamed uploads are sent fully even when the caller sets strict body limits...

5.3CVSS5.2AI score0.00327EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/25 5:50 a.m.6 views

OESA-2026-2085 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

5.8CVSS5.4AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:50 a.m.5 views

OESA-2026-2086 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

5.8CVSS5.4AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 7:20 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body larger than the...

6.9CVSS5.6AI score0.00327EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 7:20 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body...

6.9CVSS5.6AI score0.00327EPSS
Exploits1References2
Rows per page
Query Builder