1.7.9
10 years ago
17 days ago
Known vulnerabilities in the axios package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via How to fix Cross-site Scripting (XSS)? Upgrade | <1.7.8 |
axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can deplete system resources by providing a manipulated string as input to the format method, causing the regular expression to exhibit a time complexity of How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | <0.29.0>=1.0.0 <1.6.3 |
axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to inserting the How to fix Cross-site Request Forgery (CSRF)? Upgrade | >=0.8.1 <0.28.0>=1.0.0 <1.6.0 |
axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | <0.21.3 |
axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <0.21.1 |