Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-gtc3-vrcs-yfb9
SummaryAxios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2.
Aliases
0
alias CVE-2026-42044
Fixed_packages
0
url pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1%3Fdistro=trixie
1
url pkg:deb/debian/node-axios@1.15.2-1
purl pkg:deb/debian/node-axios@1.15.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1
Affected_packages
0
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1
1
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1
3
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1
6
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
7
url pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42044
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08451
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42044
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
3
reference_url https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
reference_id GHSA-3w6x-2g7m-8v23
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:11:49Z/
url https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
Weaknesses
0
cwe_id 915
name Improperly Controlled Modification of Dynamically-Determined Object Attributes
description The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
1
cwe_id 1321
name Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Exploits
Severity_range_score6.5 - 6.5
Exploitability0.5
Weighted_severity5.9
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-gtc3-vrcs-yfb9