5 matches found
Prototype Pollution
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution in the request configuration merge process. An attacker can access sensitive request configuration data, including authentication credentials and...
Prototype Pollution
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution in the request configuration merge process. An attacker can access sensitive request configuration data, including authentication...
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
Summary Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaults configuration...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaul...