Lucene search
K

14 matches found

UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.5 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.6 views

CVE-2026-42038

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for noproxy hostname normalization bypass is incomplete. When noproxy=localhost is set, requests to 127.0.0.1 and ::1 still route through the proxy instead of bypassing it. The shouldBypassProxy...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.7 views

CVE-2026-42037

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF \r\n sequences. An attacker w...

5.3CVSS5.9AI score0.0024EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

UBUNTU-CVE-2026-42038

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for noproxy hostname normalization bypass is incomplete. When noproxy=localhost is set, requests to 127.0.0.1 and ::1 still route through the proxy instead of bypassing it. The shouldBypassProxy...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References3
OSV
OSV
added 2026/04/24 6:16 p.m.10 views

UBUNTU-CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

8.2CVSS5.8AI score0.00611EPSS
Exploits1References3
OSV
OSV
added 2026/04/24 6:16 p.m.5 views

UBUNTU-CVE-2026-42036

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

5.3CVSS5.8AI score0.00421EPSS
Exploits1References3
OSV
OSV
added 2026/04/24 6:16 p.m.8 views

UBUNTU-CVE-2026-42039

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/24 6:3 p.m.4 views

CVE-2026-42042

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy...

5.4CVSS5.3AI score0.00228EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/04/24 5:58 p.m.6 views

CVE-2026-42037

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF \r\n sequences. An attacker w...

5.3CVSS5.7AI score0.0024EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/04/24 5:55 p.m.4 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

8.2CVSS5.3AI score0.00611EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/04/24 5:49 p.m.5 views

CVE-2026-42044

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

9.1CVSS5.3AI score0.00586EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/04/24 5:38 p.m.8 views

CVE-2026-42035

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4CVSS5.7AI score0.00394EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/04/24 5:36 p.m.3 views

CVE-2026-42033

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...

7.4CVSS5.4AI score0.00838EPSS
Exploits1
Akamai Blog
Akamai Blog
added 2021/05/17 2:0 p.m.42 views

Building an A/B Test with EdgeWorkers and EdgeKV

This blog was co-authored by Tim Vereecke, Josh Johnson, and Medhat Yakan This is a blog series about building an A/B test with EdgeWorkers and EdgeKV. Read part two here. When paired with our new EdgeKV distributed key-value database, the Akamai EdgeWorkers serverless platform gives you the...

6.7AI score
Exploits0
Rows per page
Query Builder