org.webjars.npm:axios@1.15.1

  • latest version

    1.16.1

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    14 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:axios package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Prototype Pollution

    org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js.

    Affected versions of this package are vulnerable to Prototype Pollution when Object.prototype has been polluted via a different exploit. Several properties in the HTTP adapter configuration can be manipulated because they are read without a hasOwnProperty check, so values inherited from the polluted prototype are used. An attacker can inject Authorization headers into the auth property, redirect external requests via the baseURL property or internal requests via the socketPath property, execute callbacks contained in HTTP redirects via the beforeRedirect property, or enable insecure HTTP parsing via the insecureHTTPParser property.

    How to fix Prototype Pollution?

    Upgrade org.webjars.npm:axios to version 1.15.2 or higher.

    [1.0.0,1.15.2)
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js.

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaults configuration. An attacker can influence JSON parsing and request handling by supplying a crafted object with inherited parseReviver, responseType, transitional, env, or formSerializer properties, causing Axios to read attacker-controlled prototype values during response parsing or form encoding. This can lead to malformed response processing, unexpected parser behavior, and application-level data corruption or denial-of-service in code that passes untrusted config objects to Axios.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade org.webjars.npm:axios to version 1.15.2 or higher.

    [1.0.0,1.15.2)
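Both advisories come down to config keys being resolved through the prototype chain. The following added example (not axios source and not part of the original page) contrasts an unguarded read with a hasOwnProperty-guarded one and flags inherited keys; the function names are hypothetical and the polluted values are constructed.

```javascript
// Added example, not axios code. Key names are taken from the two advisories above.
const SENSITIVE_KEYS = [
  'auth', 'baseURL', 'socketPath', 'beforeRedirect', 'insecureHTTPParser',
  'parseReviver', 'responseType', 'transitional', 'env', 'formSerializer',
];
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Unguarded read: falls through to Object.prototype when the key is not set.
function readUnguarded(config, key) {
  return config[key];
}

// Guarded read: only values set directly on the config object count.
function readOwn(config, key) {
  return hasOwn(config, key) ? config[key] : undefined;
}

// Detection helper: sensitive keys that would resolve from the prototype chain.
function inheritedKeys(config) {
  return SENSITIVE_KEYS.filter((k) => !hasOwn(config, k) && config[k] !== undefined);
}

// Copy own properties onto a null-prototype object so later lookups cannot inherit.
function toSafeConfig(config) {
  return Object.assign(Object.create(null), config);
}

function demo() {
  const config = { url: '/users', responseType: 'json' }; // constructed sample
  // Simulate a prototype that was already polluted elsewhere (constructed values).
  Object.prototype.baseURL = 'https://polluted.example';
  Object.prototype.insecureHTTPParser = true;
  try {
    const safe = toSafeConfig(config);
    return {
      unguarded: readUnguarded(config, 'baseURL'),
      guarded: readOwn(config, 'baseURL'),
      flagged: inheritedKeys(config),
      safeBaseURL: safe.baseURL,
      safeResponseType: safe.responseType,
    };
  } finally {
    // Always restore the prototype so the simulation does not leak.
    delete Object.prototype.baseURL;
    delete Object.prototype.insecureHTTPParser;
  }
}
```

Running inheritedKeys over config objects before they reach the HTTP client is a cheap runtime check, but the fix stated on the page remains the upgrade to 1.15.2 or higher.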