4 matches found
ROOT-APP-NPM-CVE-2026-42036 CVE-2026-42036 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42036 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
CVE-2026-42036 vulnerabilities
Vulnerabilities for packages: langfuse, kubeflow-centraldashboard, nextcloud-server, lerna, prism, jitsucom-jitsu, saf, opensearch-dashboards...
CVE-2026-42036
creationtimestamp| type| source ---|---|--- 2026-05-05 00:40:29+00:00| seen| https://gist.github.com/alon710/0dfb4618501419ce7bdb20d2764642a8 2026-05-07 12:01:36+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mlb67fbvpl2f...
CVE-2026-42036
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...