NodeJS/axios/1.2.6

Promise based HTTP client for the browser and node.js

Repo Link: https://www.npmjs.com/package/axios
License: MIT

1 Security Vulnerabilities

Axios Cross-Site Request Forgery Vulnerability

Published date: 2023-11-08T21:30:37Z

CVE: CVE-2023-45857

Links:

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Affected versions: ["0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0", "0.19.0-beta.1", "0.19.0", "0.18.1", "0.19.1", "0.19.2", "0.20.0-0", "0.20.0", "0.21.0", "0.21.1", "0.21.2", "0.21.3", "0.21.4", "0.22.0", "0.23.0", "0.24.0", "0.25.0", "0.26.0", "0.26.1", "0.27.0", "0.27.1", "0.27.2", "1.0.0", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.2.0-alpha.1", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.4.0", "1.5.0", "1.5.1"]

Secure versions: [1.0.0-alpha.1, 0.28.0, 0.28.1, 1.7.4, 1.7.5, 1.7.6, 1.7.7]

Recommendation: Update to version 1.7.7.

104 Other Versions

Version	License	Security	Released
0.2.2	MIT	3	2014-09-15 - 03:30	about 10 years
0.2.1	MIT	3	2014-09-12 - 22:57	about 10 years
0.2.0	MIT	3	2014-09-12 - 20:06	about 10 years
0.1.0	MIT	3	2014-08-29 - 23:08	about 10 years