GHSA-XHJH-PMCV-23JW Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

CVE-2026-42040

CVE-2026-42040 concerns Axios, a promise-based HTTP client for browser and Node.js. The vulnerability lies in the encode() function inside lib/helpers/AxiosURLSearchParams.js, where a character map (charMap) erroneously reverses safe percent-encoding of null bytes. Specifically, after encodeURICo...

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

PHPOK d***.in***.php file has an arbitrary file read vulnerability

PHPOK is a set of enterprise station CMS system developed in PHP + MYSQL language. An arbitrary file read vulnerability exists in the PHPOK d.in.php file. An attacker can construct arbitrary file paths to obtain sensitive information by using a reverse-encoding method...

Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Dat...