CVE-2026-44486
- EPSS 0.55%
- Veröffentlicht 11.06.2026 15:39:07
- Zuletzt bearbeitet 09.07.2026 13:17:17
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axi...
CVE-2026-44487
- EPSS 0.69%
- Veröffentlicht 11.06.2026 15:38:25
- Zuletzt bearbeitet 09.07.2026 13:17:17
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects No...
CVE-2026-44488
- EPSS 0.63%
- Veröffentlicht 11.06.2026 15:37:38
- Zuletzt bearbeitet 09.07.2026 13:17:18
Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fet...
CVE-2026-44490
- EPSS 0.29%
- Veröffentlicht 11.06.2026 15:36:13
- Zuletzt bearbeitet 15.06.2026 16:31:41
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merg...
CVE-2026-44496
- EPSS 0.65%
- Veröffentlicht 11.06.2026 15:34:28
- Zuletzt bearbeitet 09.07.2026 13:17:19
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In...
- EPSS 0.5%
- Veröffentlicht 11.06.2026 15:33:12
- Zuletzt bearbeitet 09.07.2026 13:17:18
Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already po...
CVE-2026-44494
- EPSS 1.04%
- Veröffentlicht 11.06.2026 15:32:03
- Zuletzt bearbeitet 09.07.2026 13:17:18
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to...
CVE-2026-44489
- EPSS 0.23%
- Veröffentlicht 11.06.2026 15:30:44
- Zuletzt bearbeitet 15.06.2026 16:13:19
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain. The setProxy() functi...
CVE-2026-44492
- EPSS 0.92%
- Veröffentlicht 11.06.2026 15:29:13
- Zuletzt bearbeitet 09.07.2026 13:17:18
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-...
CVE-2026-42264
- EPSS 0.55%
- Veröffentlicht 08.05.2026 03:20:24
- Zuletzt bearbeitet 08.07.2026 13:16:43
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct propert...