Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-tdwz-gg36-mkgs
SummaryAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly produces the safe sequence %00, the charMap entry '%00': '\x00' converts it back to a raw null byte. Primary impact is limited because the standard axios request flow is not affected. This vulnerability is fixed in 1.15.1 and 0.31.1.
Aliases
0
alias CVE-2026-42040
Fixed_packages
0
url pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1%3Fdistro=trixie
1
url pkg:deb/debian/node-axios@1.15.2-1
purl pkg:deb/debian/node-axios@1.15.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1
Affected_packages
0
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1
2
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1
3
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1
6
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
7
url pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42040
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08178
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42040
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
3
reference_url https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw
reference_id GHSA-xhjh-pmcv-23jw
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:48:02Z/
url https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw
Weaknesses
0
cwe_id 116
name Improper Encoding or Escaping of Output
description The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
1
cwe_id 626
name Null Byte Interaction Error (Poison Null Byte)
description The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
Exploits
Severity_range_score3.7 - 3.7
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-tdwz-gg36-mkgs