Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z6xx-7p9v-gqc6
Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript's in operator — an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () => true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1.
Aliases
0
alias CVE-2026-42041
Fixed_packages
0
url pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1%3Fdistro=trixie
1
url pkg:deb/debian/node-axios@1.15.2-1
purl pkg:deb/debian/node-axios@1.15.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1
Affected_packages
0
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1
1
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1
3
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1
6
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
7
url pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42041
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12226
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42041
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
3
reference_url https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63
reference_id GHSA-w9j2-pvgh-6h63
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:29:47Z/
url https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63
Weaknesses
0
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
1
cwe_id 1321
name Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Exploits
Severity_range_score 4.8 - 4.8
Exploitability 0.5
Weighted_severity 4.3
Risk_score 2.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6xx-7p9v-gqc6