NodeJS/axios/1.2.6
Promise based HTTP client for the browser and node.js
https://www.npmjs.com/package/axios
MIT
1 Security Vulnerabilities
Axios Cross-Site Request Forgery Vulnerability
Published date: 2023-11-08T21:30:37Z
CVE: CVE-2023-45857
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2023-45857
- https://github.com/axios/axios/issues/6006
- https://github.com/axios/axios/issues/6022
- https://github.com/axios/axios/pull/6028
- https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
- https://github.com/axios/axios/releases/tag/v1.6.0
- https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
- https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
- https://github.com/axios/axios/pull/6091
- https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
- https://github.com/axios/axios/releases/tag/v0.28.0
- https://security.netapp.com/advisory/ntap-20240621-0006
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Affected versions:
["0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0", "0.19.0-beta.1", "0.19.0", "0.18.1", "0.19.1", "0.19.2", "0.20.0-0", "0.20.0", "0.21.0", "0.21.1", "0.21.2", "0.21.3", "0.21.4", "0.22.0", "0.23.0", "0.24.0", "0.25.0", "0.26.0", "0.26.1", "0.27.0", "0.27.1", "0.27.2", "1.0.0", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.2.0-alpha.1", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.4.0", "1.5.0", "1.5.1"]
Secure versions:
[1.0.0-alpha.1, 0.28.0, 0.28.1, 1.7.4, 1.7.5, 1.7.6, 1.7.7]
Recommendation:
Update to version 1.7.7.
104 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
0.2.2 | MIT | 3 | 2014-09-15 - 03:30 | about 10 years |
0.2.1 | MIT | 3 | 2014-09-12 - 22:57 | about 10 years |
0.2.0 | MIT | 3 | 2014-09-12 - 20:06 | about 10 years |
0.1.0 | MIT | 3 | 2014-08-29 - 23:08 | about 10 years |