NodeJS/axios/0.16.1


Promise based HTTP client for the browser and node.js

https://www.npmjs.com/package/axios
MIT

4 Security Vulnerabilities

Denial of Service in axios

Published date: 2019-05-29T18:04:45Z
CVE: CVE-2019-10742

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.

Recommendation

Upgrade to 0.18.1 or later.

Affected versions: ["0.1.0", "0.2.0", "0.2.1", "0.2.2", "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.6.0", "0.7.0", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0"]
Secure versions: [1.0.0-alpha.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 0.28.0, 1.6.8]
Recommendation: Update to version 1.6.8.

Axios vulnerable to Server-Side Request Forgery

Published date: 2021-01-04T20:59:40Z
CVE: CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Affected versions: ["0.1.0", "0.2.0", "0.2.1", "0.2.2", "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.6.0", "0.7.0", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0", "0.19.0-beta.1", "0.19.0", "0.18.1", "0.19.1", "0.19.2", "0.20.0-0", "0.20.0", "0.21.0"]
Secure versions: [1.0.0-alpha.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 0.28.0, 1.6.8]
Recommendation: Update to version 1.6.8.

axios Inefficient Regular Expression Complexity vulnerability

Published date: 2021-09-01T18:23:02Z
CVE: CVE-2021-3749

axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.

Affected versions: ["0.1.0", "0.2.0", "0.2.1", "0.2.2", "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.6.0", "0.7.0", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0", "0.19.0-beta.1", "0.19.0", "0.18.1", "0.19.1", "0.19.2", "0.20.0-0", "0.20.0", "0.21.0", "0.21.1"]
Secure versions: [1.0.0-alpha.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 0.28.0, 1.6.8]
Recommendation: Update to version 1.6.8.

Axios Cross-Site Request Forgery Vulnerability

Published date: 2023-11-08T21:30:37Z
CVE: CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.

Affected versions: ["0.8.1", "0.9.0", "0.9.1", "0.10.0", "0.11.0", "0.11.1", "0.12.0", "0.13.0", "0.13.1", "0.14.0", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.16.1", "0.16.2", "0.17.0", "0.17.1", "0.18.0", "0.19.0-beta.1", "0.19.0", "0.18.1", "0.19.1", "0.19.2", "0.20.0-0", "0.20.0", "0.21.0", "0.21.1", "0.21.2", "0.21.3", "0.21.4", "0.22.0", "0.23.0", "0.24.0", "0.25.0", "0.26.0", "0.26.1", "0.27.0", "0.27.1", "0.27.2", "1.0.0", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.2.0-alpha.1", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.4.0", "1.5.0", "1.5.1"]
Secure versions: [1.0.0-alpha.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 0.28.0, 1.6.8]
Recommendation: Update to version 1.6.8.

92 Other Versions

Version License Security (vulnerability count, blank if none) Released (date - time) Age
1.6.8 MIT 2024-03-15 - 16:32 13 days
1.6.7 MIT 2024-01-25 - 19:58 2 months
1.6.6 MIT 2024-01-24 - 23:12 2 months
1.6.5 MIT 2024-01-05 - 19:52 3 months
1.6.4 MIT 2024-01-03 - 22:10 3 months
1.6.3 MIT 2023-12-26 - 23:16 3 months
1.6.2 MIT 2023-11-14 - 20:36 4 months
1.6.1 MIT 2023-11-08 - 15:09 5 months
1.6.0 MIT 2023-10-26 - 21:15 5 months
1.5.1 MIT 1 2023-09-26 - 18:22 6 months
1.5.0 MIT 1 2023-08-26 - 19:10 7 months
1.4.0 MIT 1 2023-04-27 - 23:05 11 months
1.3.6 MIT 1 2023-04-19 - 19:38 11 months
1.3.5 MIT 1 2023-04-05 - 18:03 12 months
1.3.4 MIT 1 2023-02-22 - 21:06 about 1 year
1.3.3 MIT 1 2023-02-13 - 18:47 about 1 year
1.3.2 MIT 1 2023-02-03 - 18:10 about 1 year
1.3.1 MIT 1 2023-02-01 - 23:31 about 1 year
1.3.0 MIT 1 2023-01-31 - 16:55 about 1 year
1.2.6 MIT 1 2023-01-28 - 16:41 about 1 year
1.2.5 MIT 1 2023-01-26 - 15:06 about 1 year
1.2.4 MIT 1 2023-01-24 - 17:21 about 1 year
1.2.3 MIT 1 2023-01-17 - 17:56 about 1 year
1.2.2 MIT 1 2022-12-29 - 06:38 about 1 year
1.2.1 MIT 1 2022-12-05 - 19:39 over 1 year
1.2.0 MIT 1 2022-11-22 - 19:06 over 1 year
1.2.0-alpha.1 MIT 1 2022-11-10 - 19:06 over 1 year
1.1.3 MIT 1 2022-10-15 - 13:42 over 1 year
1.1.2 MIT 1 2022-10-07 - 10:14 over 1 year
1.1.1 MIT 1 2022-10-07 - 09:15 over 1 year
1.1.0 MIT 1 2022-10-06 - 19:19 over 1 year
1.0.0 MIT 1 2022-10-04 - 19:24 over 1 year
1.0.0-alpha.1 MIT 2022-05-31 - 19:23 almost 2 years
0.28.0 MIT 2024-02-12 - 18:38 about 1 month
0.27.2 MIT 1 2022-04-27 - 10:00 almost 2 years
0.27.1 MIT 1 2022-04-26 - 07:36 almost 2 years
0.27.0 MIT 1 2022-04-25 - 16:42 almost 2 years
0.26.1 MIT 1 2022-03-09 - 17:13 about 2 years
0.26.0 MIT 1 2022-02-13 - 14:22 about 2 years
0.25.0 MIT 1 2022-01-18 - 07:14 about 2 years
0.24.0 MIT 1 2021-10-25 - 17:51 over 2 years
0.23.0 MIT 1 2021-10-12 - 15:37 over 2 years
0.22.0 MIT 1 2021-10-01 - 05:54 over 2 years
0.21.4 MIT 1 2021-09-06 - 15:35 over 2 years
0.21.3 MIT 1 2021-09-04 - 19:05 over 2 years
0.21.2 MIT 1 2021-09-04 - 10:18 over 2 years
0.21.1 MIT 2 2020-12-22 - 04:20 over 3 years
0.21.0 MIT 3 2020-10-23 - 16:27 over 3 years
0.20.0 MIT 3 2020-08-21 - 03:12 over 3 years
0.20.0-0 MIT 3 2020-07-15 - 16:07 over 3 years
0.19.2 MIT 3 2020-01-22 - 04:25 about 4 years
0.19.1 MIT 3 2020-01-07 - 17:23 about 4 years
0.19.0 MIT 3 2019-05-30 - 16:13 almost 5 years
0.19.0-beta.1 MIT 3 2018-08-09 - 18:44 over 5 years
0.18.1 MIT 3 2019-06-01 - 00:46 almost 5 years
0.18.0 MIT 4 2018-02-19 - 23:28 about 6 years
0.17.1 MIT 4 2017-11-11 - 23:24 over 6 years
0.17.0 MIT 4 2017-10-21 - 18:01 over 6 years
0.16.2 MIT 4 2017-06-03 - 19:29 almost 7 years
0.16.1 MIT 4 2017-04-08 - 18:51 almost 7 years
0.16.0 MIT 4 2017-04-01 - 02:31 almost 7 years
0.15.3 MIT 4 2016-11-27 - 21:59 over 7 years
0.15.2 MIT 4 2016-10-18 - 01:33 over 7 years
0.15.1 MIT 4 2016-10-15 - 06:39 over 7 years
0.15.0 MIT 4 2016-10-11 - 04:40 over 7 years
0.14.0 MIT 4 2016-08-27 - 18:30 over 7 years
0.13.1 MIT 4 2016-07-16 - 17:13 over 7 years
0.13.0 MIT 4 2016-07-13 - 19:42 over 7 years
0.12.0 MIT 4 2016-06-01 - 05:22 almost 8 years
0.11.1 MIT 4 2016-05-17 - 15:59 almost 8 years
0.11.0 MIT 4 2016-04-27 - 04:19 almost 8 years
0.10.0 MIT 4 2016-04-21 - 04:52 almost 8 years
0.9.1 MIT 4 2016-01-24 - 22:19 about 8 years
0.9.0 MIT 4 2016-01-18 - 18:19 about 8 years
0.8.1 MIT 4 2015-12-15 - 03:44 over 8 years
0.8.0 MIT 3 2015-12-11 - 19:09 over 8 years
0.7.0 MIT 3 2015-09-29 - 06:36 over 8 years
0.6.0 MIT 3 2015-09-21 - 20:20 over 8 years
0.5.4 MIT 3 2015-04-08 - 18:49 almost 9 years
0.5.3 MIT 3 2015-04-08 - 03:01 almost 9 years
0.5.2 MIT 3 2015-03-13 - 23:14 about 9 years
0.5.1 MIT 3 2015-03-10 - 20:47 about 9 years
0.5.0 MIT 3 2015-01-23 - 10:15 about 9 years
0.4.2 MIT 3 2014-12-11 - 07:14 over 9 years
0.4.1 MIT 3 2014-10-15 - 18:19 over 9 years
0.4.0 MIT 3 2014-10-05 - 23:55 over 9 years
0.3.1 MIT 3 2014-09-17 - 00:31 over 9 years
0.3.0 MIT 3 2014-09-16 - 18:20 over 9 years
0.2.2 MIT 3 2014-09-15 - 03:30 over 9 years
0.2.1 MIT 3 2014-09-12 - 22:57 over 9 years
0.2.0 MIT 3 2014-09-12 - 20:06 over 9 years
0.1.0 MIT 3 2014-08-29 - 23:08 over 9 years