VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ffxn-ay5z-3kdc

Essentials
Severities (80)
References (9)
Severity details (9)
Exploits (0)
EPSS
History (2)

Vulnerability ID	VCID-ffxn-ay5z-3kdc
Aliases	CVE-2024-57965
Summary	In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
Status	Disputed
Exploitability	0.5
Weighted Severity	3.0
Risk	1.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-346

Origin Validation Error

System	Score	Found at
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-57965
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	0	https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
ssvc	Track	https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
cvssv3.1	0	https://github.com/axios/axios/issues/6351
ssvc	Track	https://github.com/axios/axios/issues/6351
cvssv3.1	0	https://github.com/axios/axios/pull/6714
ssvc	Track	https://github.com/axios/axios/pull/6714
cvssv3.1	0	https://github.com/axios/axios/releases/tag/v1.7.8
ssvc	Track	https://github.com/axios/axios/releases/tag/v1.7.8

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-57965
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57965
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0a8d6e19da5b9899a2abafaaa06a75ee548597db		https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
1094731		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094731
6351		https://github.com/axios/axios/issues/6351
6714		https://github.com/axios/axios/pull/6714
CVE-2024-57965		https://nvd.nist.gov/vuln/detail/CVE-2024-57965
v1.7.8		https://github.com/axios/axios/releases/tag/v1.7.8

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N Found at https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:14:16Z/ Found at https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N Found at https://github.com/axios/axios/issues/6351

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:14:16Z/ Found at https://github.com/axios/axios/issues/6351

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N Found at https://github.com/axios/axios/pull/6714

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:14:16Z/ Found at https://github.com/axios/axios/pull/6714

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N Found at https://github.com/axios/axios/releases/tag/v1.7.8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:14:16Z/ Found at https://github.com/axios/axios/releases/tag/v1.7.8

Exploit Prediction Scoring System (EPSS)

Percentile	0.02543
EPSS Score	0.00023
Published At	March 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-20T10:08:45.586446+00:00	NVD CVE Status Improver	Improve	https://cveawg.mitre.org/api/cve/CVE-2024-57965	36.0.0
2025-03-28T07:34:19.876845+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	36.0.0