453 matches found
CVE-2026-42039
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...
GHSA-62HF-57XW-28J9 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Summary toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. Details lib/helpers/toFormData.js:210 defines an inner buildvalue, path that recurses into every object/array child line 225:...
EUVD-2026-25605
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...
Uncontrolled Recursion
Axios is vulnerable to uncontrolled recursion. The vulnerability is due to the toFormData function recursively processing deeply nested objects without a depth limit, which allows an attacker to supply specially crafted input that triggers a stack overflow and crashes the Node.js process...
Linux Distros Unpatched Vulnerability : CVE-2026-42039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, s...
SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:1596-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1596-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncati...
Uncontrolled Recursion
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion through the toFormData recursive serializer in lib/helpers/toFormData.js. An attacker can crash a process by supplying a deeply nested object as...
CVE-2026-42039 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...
CVE-2026-42039
CVE-2026-42039 affects Axios’ toFormData function, where passing deeply nested request data can trigger unbounded recursion and crash the Node.js process with a RangeError. Affected versions are before 1.15.1 and 0.31.1; remediation is to upgrade to 1.15.1 or 0.31.1. The vulnerability impacts Axi...
Uncontrolled Recursion
Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...
Uncontrolled Recursion
Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...
Uncontrolled Recursion
Overview org.webjars.npm:xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324
Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...