Homepage
About Snyk

axios@0.29.0 vulnerabilities

Promise based HTTP client for the browser and node.js

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the axios package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Prototype Pollution via the formDataToJSON function.

How to fix Prototype Pollution?

Upgrade axios to version 1.6.4 or higher.

>=0.28.0 <1.6.4
  • M
Regular Expression Denial of Service (ReDoS)

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can deplete system resources by providing a manipulated string as input to the format method, causing the regular expression to exhibit a time complexity of O(n^2). This makes the server to become unable to provide normal service due to the excessive cost and time wasted in processing vulnerable regular expressions.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade axios to version 1.6.3 or higher.

<1.6.3
Go back to all versions of this package