react-webpack-rails-tutorial

Security: Upgrade axios to fix CVE-2021-3749

Open justin808 opened this issue 3 months ago • 0 comments

Security Vulnerability

Package: axios
Current Version: 0.21.1
Vulnerability: CVE-2021-3749 (Regular Expression Denial of Service)
Severity: Moderate

Issue

The current version of axios (0.21.1) has a known security vulnerability:

  • CVE-2021-3749: Regular expression denial of service in trim function
  • CVSS Score: 7.5 (High)

Recommendation

Upgrade axios to version 1.6.0 or later, which includes:

  • Security fixes for multiple CVEs
  • Better TypeScript support
  • Improved error handling
  • Node.js 18+ compatibility

Migration Notes

Axios 1.x has some breaking changes from 0.x:

  • Response data is now accessed via response.data (unchanged)
  • Some internal APIs have changed
  • Default timeout behavior may differ

References

Acceptance Criteria

  • [ ] Upgrade axios to ^1.6.0 or later
  • [ ] Run all tests to verify functionality
  • [ ] Check for any breaking changes in API calls
  • [ ] Update any custom axios configurations if needed

justin808 Oct 03 '25 08:10
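The acceptance criteria above ask for axios at ^1.6.0 or later, but a bump in package.json alone does not prove the vulnerable 0.21.1 copy is gone: a transitive dependency can still pin its own axios in the lockfile. The following is an added example (not code from the issue or from the react-webpack-rails-tutorial project) that audits both files against the issue's 1.6.0 threshold. It assumes an npm lockfile with the `lockfileVersion` 2/3 `packages` map keyed by `node_modules/...` paths; the package.json and lockfile contents below are constructed samples, and the package names in them are hypothetical.

```javascript
// Added example: verify every axios copy in a project meets the minimum version
// the issue asks for (^1.6.0). Not part of the original issue or project.

const MIN_AXIOS = [1, 6, 0]; // threshold taken from the issue's acceptance criteria

// Turn a spec like "^0.21.1", "~1.6.2" or "1.7.4" into [major, minor, patch].
// Ranges that do not name a concrete floor ("*", "latest", ">=1.6.0", git URLs)
// return null and are treated as findings, so nothing slips through unchecked.
function parseVersion(spec) {
  const m = /^[\^~=v]?\s*(\d+)\.(\d+)\.(\d+)/.exec(String(spec).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Collect every place axios is declared or resolved: the top-level spec in
// package.json and each resolved copy in the lockfile, including nested ones
// under other packages' node_modules (lockfileVersion 2/3 "packages" layout).
function findAxiosVersions(packageJson, lockfile) {
  const found = [];
  for (const field of ['dependencies', 'devDependencies']) {
    const spec = packageJson[field] && packageJson[field].axios;
    if (spec) found.push({ where: `package.json ${field}`, version: spec });
  }
  for (const [path, info] of Object.entries(lockfile.packages || {})) {
    if (path === 'node_modules/axios' || path.endsWith('/node_modules/axios')) {
      found.push({ where: `package-lock.json ${path}`, version: info.version });
    }
  }
  return found;
}

// Returns the entries below MIN_AXIOS (or unparseable); an empty array means OK.
function auditAxios(packageJson, lockfile) {
  return findAxiosVersions(packageJson, lockfile).filter(({ version }) => {
    const v = parseVersion(version);
    return v === null || compareVersions(v, MIN_AXIOS) < 0;
  });
}

// Constructed sample mirroring the issue: top-level axios 0.21.1, plus a newer
// transitive copy under a hypothetical "some-client" package.
const samplePackageJson = {
  dependencies: { axios: '^0.21.1', 'some-client': '^2.0.0' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/axios': { version: '0.21.1' },
    'node_modules/some-client/node_modules/axios': { version: '1.7.4' },
  },
};

// Constructed sample of the same project after the upgrade the issue asks for.
const upgradedPackageJson = { dependencies: { axios: '^1.6.0' } };
const upgradedLock = {
  lockfileVersion: 3,
  packages: { 'node_modules/axios': { version: '1.6.0' } },
};

for (const f of auditAxios(samplePackageJson, sampleLock)) {
  console.log(`axios ${f.version} at ${f.where} is below ${MIN_AXIOS.join('.')}`);
}
```

Run against the constructed sample, the audit reports both the `^0.21.1` spec in package.json and the resolved `0.21.1` under `node_modules/axios`, while the nested 1.7.4 copy passes; against the upgraded sample it reports nothing. Treating non-concrete specs such as `*` as findings is deliberate: the check should fail closed rather than assume an unpinned range resolves to a fixed release.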