axios icon indicating copy to clipboard operation
axios copied to clipboard

Published 20 hours ago verified publisher icon qiangmao

CVE-2019-10742 (High) detected in axios-0.13.1.js

Open mend-bolt-for-github[bot] opened this issue 2 years ago • 0 comments

CVE-2019-10742 - High Severity Vulnerability

Vulnerable Library - axios-0.13.1.js

Promise based HTTP client for the browser and node.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/axios/0.13.1/axios.js

Path to dependency file: /test/manual/cors.html

Path to vulnerable library: /test/manual/../../dist/axios.js

Dependency Hierarchy:

  • :x: axios-0.13.1.js (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-42xw-2xvc-qx8m

Release Date: 2019-05-07

Fix Resolution: axios - 0.18.1

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Mar 10 '23 01:03 mend-bolt-for-github[bot]