4 matches found
CVE-2026-41484
The CVE concerns OpenTelemetry.Exporter.OneCollector for .NET. In versions ≤1.15.0, HttpJsonPostTransport reads the full response body on non-200 HTTP responses, enabling a potential denial-of-service via unbounded memory allocation if the back-end endpoint or an interceptor returns an arbitraril...
CVE-2026-42034
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...
CVE-2026-42043 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...
PT-2026-35042
Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 Description An issue exists where the software reads keys from Object.prototype without a hasOwnProperty guard. If a co-dependency pollutes the Object.prototype, an attacker can...