9.8

CVE-2024-57965

Medienbericht
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AxiosAxios SwPlatformnode.js Version < 1.7.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.289
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org 0 2.2 0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
Patch
https://github.com/axios/axios/issues/6351
Issue Tracking
https://github.com/axios/axios/pull/6714
Patch
Issue Tracking
https://github.com/axios/axios/releases/tag/v1.7.8
Release Notes