6 matches found

UbuntuCve
added 2026/04/24 6:16 p.m., 5 views

CVE-2026-42037

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF \r\n sequences. An attacker w...

5.3 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 1, References: 2
OSV
added 2026/04/24 6:16 p.m., 6 views

UBUNTU-CVE-2026-42039

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

7.5 CVSS, 5.8 AI score, 0.00744 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2026/04/24 6:16 p.m., 4 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5 CVSS, 5.8 AI score, 0.00611 EPSS
Exploits: 1, References: 2
Debian CVE
added 2026/04/24 6:3 p.m., 4 views

CVE-2026-42042

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy...

5.4 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits: 1
Debian CVE
added 2026/04/24 5:49 p.m., 5 views

CVE-2026-42044

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

9.1 CVSS, 5.3 AI score, 0.00586 EPSS
Exploits: 1
Debian CVE
added 2026/04/24 5:38 p.m., 8 views

CVE-2026-42035

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4 CVSS, 5.7 AI score, 0.00394 EPSS
Exploits: 1