Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request. This vulnerability is fixed in 0.31.1 and 1.15.2.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
ProduktRed Hat Ansible Automation Platform 2.6 for RHEL 9
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Advanced Cluster Management for Kubernetes 2.13
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Advanced Cluster Management for Kubernetes 2.14
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Advanced Cluster Security for Kubernetes 4.10
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Advanced Cluster Security for Kubernetes 4.9
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Ansible Automation Platform 2.6
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Container Native Virtualization 4.13
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Container Native Virtualization 4.14
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Developer Hub 1.10
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Developer Hub 1.9
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Discovery 2
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Container Platform 4.15
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Container Platform 4.16
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Container Platform 4.20
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Container Platform 4.21
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Dev Spaces 3.29
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Service Mesh 2.6
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Service Mesh 3.0
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Service Mesh 3.1
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Service Mesh 3.2
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Service Mesh 3.3
Default Statusaffected
HerstellerRed Hat
≫
Produktmulticluster engine for Kubernetes 2.8
Default Statusaffected
HerstellerRed Hat
≫
Produktmulticluster engine for Kubernetes 2.9
Default Statusaffected
HerstellerRed Hat
≫
ProduktMigration Toolkit for Applications 8
Default Statusaffected
HerstellerRed Hat
≫
ProduktMigration Toolkit for Containers
Default Statusaffected
HerstellerRed Hat
≫
ProduktNetwork Observability Operator
Default Statusaffected
HerstellerRed Hat
≫
ProduktOpenShift Pipelines
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat 3scale API Management Platform 2
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat AMQ Broker 7
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Ansible Automation Platform 2
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat build of Apache Camel - HawtIO 4
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat build of Apicurio Registry 3
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Build of Podman Desktop - Tech Preview
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Data Grid 8
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Enterprise Linux AI (RHEL AI) 3
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Fuse 7
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift AI (RHOAI)
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Container Platform 4
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Quay 3
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Trusted Artifact Signer
Default Statusaffected
HerstellerRed Hat
≫
ProduktRed Hat Trusted Profile Analyzer
Default Statusaffected
HerstellerRed Hat
≫
ProduktSelf-service automation portal 2
Default Statusaffected
HerstellerRed Hat
≫
ProduktCryostat 4
Default Statusunaffected
HerstellerRed Hat
≫
ProduktGatekeeper 3
Default Statusunaffected
HerstellerRed Hat
≫
ProduktOpenShift Service Mesh 3
Default Statusunaffected
HerstellerRed Hat
≫
ProduktRed Hat build of Apache Camel for Spring Boot 4
Default Statusunaffected
HerstellerRed Hat
≫
ProduktRed Hat Enterprise Linux 8
Default Statusunaffected
HerstellerRed Hat
≫
ProduktRed Hat Enterprise Linux 9
Default Statusunaffected
HerstellerRed Hat
≫
ProduktRed Hat OpenShift Dev Spaces
Default Statusunaffected
HerstellerRed Hat
≫
ProduktRed Hat Satellite 6
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.