Axios

Axios

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.39%
  • Veröffentlicht 24.04.2026 17:38:07
  • Zuletzt bearbeitet 27.04.2026 19:58:39

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing ...

Exploit
  • EPSS 0.84%
  • Veröffentlicht 24.04.2026 17:36:44
  • Zuletzt bearbeitet 09.07.2026 13:17:06

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently interce...

Medienbericht Exploit
  • EPSS 1.82%
  • Veröffentlicht 10.04.2026 19:23:52
  • Zuletzt bearbeitet 09.07.2026 13:17:04

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitize...

Exploit
  • EPSS 1.19%
  • Veröffentlicht 09.04.2026 14:31:46
  • Zuletzt bearbeitet 09.07.2026 13:16:44

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or...

Exploit
  • EPSS 0.73%
  • Veröffentlicht 08.04.2026 14:25:27
  • Zuletzt bearbeitet 27.04.2026 17:16:43

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through co...

Medienbericht Exploit
  • EPSS 2.59%
  • Veröffentlicht 09.02.2026 20:11:22
  • Zuletzt bearbeitet 09.07.2026 13:16:52

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attack...

Medienbericht Exploit
  • EPSS 1.1%
  • Veröffentlicht 12.09.2025 01:16:40
  • Zuletzt bearbeitet 16.01.2026 15:15:52

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node ht...

Medienbericht Exploit
  • EPSS 0.76%
  • Veröffentlicht 07.03.2025 16:15:38
  • Zuletzt bearbeitet 25.11.2025 17:58:17

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially cau...

Medienbericht
  • EPSS 0.37%
  • Veröffentlicht 29.01.2025 09:15:08
  • Zuletzt bearbeitet 19.09.2025 19:38:55

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message f...

Medienbericht Exploit
  • EPSS 1.41%
  • Veröffentlicht 12.08.2024 13:38:24
  • Zuletzt bearbeitet 23.08.2024 18:35:36

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.