Lucene search
K

4 matches found

OSV
OSV
added 2026/05/05 12:20 a.m.4 views

GHSA-PMWG-CVHR-8VH7 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Executive Summary This report documents an incomplete security patch for the previously disclosed vulnerability GHSA-3p68-rc4w-qgx5 CVE-2025-62718, which affects the NOPROXY hostname resolution logic in the Axios HTTP library. Background — The Original Vulnerability The original vulnerability...

7.2CVSS5.9AI score0.00661EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:54 p.m.9 views

CVE-2026-42043

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...

9.9CVSS5.3AI score0.01186EPSS
Exploits2References2Affected Software1
OpenVAS
OpenVAS
added 2025/09/25 12:0 a.m.3 views

Configure the iptables Policies for Loopback Properly

The loopback address 127.0.0.0/8 is a special address on a server. It is irrelevant to NICs and is mainly used for the inter-process communication of a local device. Packets with the source address 127.0.0.0/8 from NICs should be discarded. If policies related to the loopback address are improper...

6.8AI score
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.3 views

Configure the iptables Policies for Loopback Properly

The loopback address 127.0.0.0/8 is a special address on a server. It is irrelevant to NICs and is mainly used for the inter-process communication of a local device. Packets with the source address 127.0.0.0/8 from NICs should be discarded. If policies related to the loopback address are improper...

6.8AI score
Exploits0References2
Rows per page
Query Builder