
11 matches found

Vulnrichment
added 2026/06/11 3:37 p.m. | 19 views

CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

CVSS 7.5 | AI score 5.5 | EPSS 0.0063
Exploits: 1 | References: 1

EUVD
added 2026/06/11 3:37 p.m. | 8 views

EUVD-2026-36261

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

CVSS 7.5 | AI score 5.5 | EPSS 0.0063
Exploits: 1 | References: 1

Github Security Blog
added 2026/06/04 2:21 p.m. | 185 views

Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

CVSS 7.5 | AI score 5.8 | EPSS 0.0063
Exploits: 1 | References: 6 | Affected Software: 1

Snyk
added 2026/06/04 2:21 p.m. | 9 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust...

CVSS 7.5 | AI score 5.5 | EPSS 0.0063
Exploits: 1 | References: 2

RedhatCVE
added 2026/05/05 8:58 a.m. | 14 views

CVE-2026-42034

A flaw was found in Axios. A remote attacker can exploit this vulnerability by sending oversized streamed uploads. This occurs when the maxRedirects setting is configured to 0, which bypasses the maxBodyLength limit for stream request bodies. Consequently, the system will process the full oversiz...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 4

Patchstack
added 2026/05/05 12:33 a.m. | 7 views

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/04/24 7:20 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body...

CVSS 6.9 | AI score 5.6 | EPSS 0.00327
Exploits: 1 | References: 2

NVD
added 2026/04/24 6:16 p.m. | 4 views

CVE-2026-42034

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...

CVSS 5.3 | EPSS 0.00327
Exploits: 1 | References: 1

Cvelist
added 2026/04/24 5:59 p.m. | 29 views

CVE-2026-42034 Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...

CVSS 5.3 | EPSS 0.00327
Exploits: 1 | References: 1

CNNVD
added 2026/04/24 12:0 a.m. | 9 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise when maxRedirects is set to 0, allowing for bypassing of the maxBodyLength field in stream requests, resulting in the complete transmissi...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/24 12:0 a.m. | 5 views

PT-2026-35045

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 Description For stream request bodies, the maxBodyLength limit is bypassed when maxRedirects is set to 0 using the native http/https transport path. This allows oversized streamed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 7