axios-middleware

[SECURITY] Axios Cross-Site Request Forgery Vulnerability

Open marvingreeven opened this issue 7 months ago • 0 comments

Description

Dependency axios has a Cross-Site Request Forgery vulnerability. Need to update to >=1.6.0.

Currently peer axios is pinned to ">=0.17.1 <1.2.0" from [email protected]

Logs

npm audit --omit=dev

"axios": {
      "name": "axios",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097680,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=1.0.0 <1.6.0"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.5.1",
      "nodes": [
        "node_modules/@elsa-workflows/elsa-workflows-studio/node_modules/axios"
      ],
      "fixAvailable": true
    },

marvingreeven, Jul 10 '24 13:07