933 matches found
NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in parseReviver vulnerability discovered by ? in WordPress Npm axios versions = 1.0.0, 1.15.2...
CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...
CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...
Axios security vulnerability
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 had security vulnerabilities. These vulnerabilities stemmed from the use of the transformResponse function during JSON parsing, where the parseReviver function from the merge configuration object was...
Malicious code in jasmine-iota-apollo-postcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abb148d7fe3af5383c5182391ac79de62170ac8d4404462c54639a8bc134a119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phenomic-gemini-adonis-neptune (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e473e63486e2e3fb28b1c74b916ee10e38ac8e36cf418dc8213946bf8a4a0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-hawkingradiation-rocket-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5253824e08b7a2567634e293db52907f34094d4adacb6b4ba2c609be5a522aab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-firebase-geochronology-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e0281ce62a32de1725eb603807b7890d11f596aecd42507b277a31497e925c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187303 Malicious code in heka-buffer-install-transform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d173a46b2222709ebde51168c15d95d657b1e4e9bdebe6edb1073438c8838fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187641 Malicious code in jupiter-fork-axios-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d618233585daa02221533466a8b12423cd094f4adae74b7a5095bb9e211871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187550 Malicious code in isostasy-ganymede-archaeogenetics-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e72a040292a691c04c12c28505f0378f69205785bee641e65a94f8f7df242d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eta-proxy-omicron-theta-sanitize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 236c542af2b6ed42542ff27935ed3593b1509125430b4348128a798de5c9fe1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in subduction-pulsar-yaml-janus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fdcdd77876d0905b0625c6064e91a7bcc7cf4dd76d43162bb3a86d9a6a56da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cressida-jwt-loglevel-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lyra-warp-dactyl-interferometry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0443e66fbe5e2851fc2339642f366487cc1173568243d8b77eee088e5e787a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hexo-restart-farout-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5247e16048caf71cba989ce7d7576f498fa66a44e6060ab73d416196f8e68e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in air-easy-dog-float-interface (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5383247b85e0c729c376c538e98461587e02a8093897571bde55b8c251dcdfe9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gatsby-await-palynology-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d70de77bf70ec7002d967b917e7a999162d78c5472219f6ee6d07e7dd73baa80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meteor-meissa-airbnb-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in react-bootstrap-phoenix-janus-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bfaac5b13ee3615038f009dd8cc5708e1733b833f6322bcab514c56246a82d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...