Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/04/24 6:0 p.m.34 views

CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

5.3CVSS0.00421EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 6:0 p.m.33 views

CVE-2026-42036

Axios is affected when using responseType: 'stream' prior to v1.15.1 and v0.31.1, where the HTTP client returns the response stream without enforcing maxContentLength. This allows unbounded downstream consumption and bypasses configured response-size limits. The issue is fixed in v1.15.1 and v0.3...

5.3CVSS5.3AI score0.00421EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 6:0 p.m.8 views

CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

5.3CVSS5.2AI score0.00421EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 6:0 p.m.1 views

CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

5.3CVSS6AI score0.00421EPSS
Exploits1References3
Rows per page
Query Builder