Vulnerability details: VCID-7rdk-mw2k-eqdx
Vulnerability ID VCID-7rdk-mw2k-eqdx
Aliases CVE-2023-45857
GHSA-wf5p-g6vw-rhxx
Summary Axios Cross-Site Request Forgery Vulnerability: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (4)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2023-45857
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-45857
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2023-45857
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
cvssv3.1 6.5 https://github.com/axios/axios
generic_textual MODERATE https://github.com/axios/axios
cvssv3.1 6.5 https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
generic_textual MODERATE https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
cvssv3.1 6.5 https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
generic_textual MODERATE https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
cvssv3.1 6.5 https://github.com/axios/axios/issues/6006
generic_textual MODERATE https://github.com/axios/axios/issues/6006
ssvc Track https://github.com/axios/axios/issues/6006
cvssv3.1 6.5 https://github.com/axios/axios/issues/6022
generic_textual MODERATE https://github.com/axios/axios/issues/6022
cvssv3.1 6.5 https://github.com/axios/axios/pull/6028
generic_textual MODERATE https://github.com/axios/axios/pull/6028
cvssv3.1 6.5 https://github.com/axios/axios/pull/6091
generic_textual MODERATE https://github.com/axios/axios/pull/6091
cvssv3.1 6.5 https://github.com/axios/axios/releases/tag/v0.28.0
generic_textual MODERATE https://github.com/axios/axios/releases/tag/v0.28.0
cvssv3.1 6.5 https://github.com/axios/axios/releases/tag/v1.6.0
generic_textual MODERATE https://github.com/axios/axios/releases/tag/v1.6.0
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-45857
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-45857
cvssv3.1 6.5 https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240621-0006
ssvc Track https://security.netapp.com/advisory/ntap-20240621-0006/
cvssv3.1 6.5 https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
generic_textual MODERATE https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857
https://github.com/axios/axios
https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
https://github.com/axios/axios/issues/6006
https://github.com/axios/axios/issues/6022
https://github.com/axios/axios/pull/6028
https://github.com/axios/axios/pull/6091
https://github.com/axios/axios/releases/tag/v0.28.0
https://github.com/axios/axios/releases/tag/v1.6.0
https://security.netapp.com/advisory/ntap-20240621-0006
https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
1056099 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
2248979 https://bugzilla.redhat.com/show_bug.cgi?id=2248979
CVE-2023-45857 https://nvd.nist.gov/vuln/detail/CVE-2023-45857
GHSA-wf5p-g6vw-rhxx https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
RHSA-2024:1925 https://access.redhat.com/errata/RHSA-2024:1925
RHSA-2024:3314 https://access.redhat.com/errata/RHSA-2024:3314
RHSA-2024:3316 https://access.redhat.com/errata/RHSA-2024:3316
RHSA-2024:3473 https://access.redhat.com/errata/RHSA-2024:3473
RHSA-2024:3920 https://access.redhat.com/errata/RHSA-2024:3920
RHSA-2024:4269 https://access.redhat.com/errata/RHSA-2024:4269
RHSA-2024:4455 https://access.redhat.com/errata/RHSA-2024:4455
RHSA-2024:5314 https://access.redhat.com/errata/RHSA-2024:5314
RHSA-2025:2876 https://access.redhat.com/errata/RHSA-2025:2876
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/issues/6006
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/ Found at https://github.com/axios/axios/issues/6006
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/issues/6022
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/pull/6028
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/pull/6091
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/releases/tag/v0.28.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/axios/axios/releases/tag/v1.6.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/ Found at https://security.netapp.com/advisory/ntap-20240621-0006/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Exploit Prediction Scoring System (EPSS)
Percentile 0.32842
EPSS Score 0.00132
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:04.711334+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2023-45857.yml 38.0.0