NodeJS/axios/0.5.2
Promise based HTTP client for the browser and node.js
https://www.npmjs.com/package/axios
MIT
3 Security Vulnerabilities
Denial of Service in axios
- https://nvd.nist.gov/vuln/detail/CVE-2019-10742
- https://github.com/advisories/GHSA-42xw-2xvc-qx8m
- https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://github.com/axios/axios/issues/1098
- https://github.com/axios/axios/pull/1485
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://www.npmjs.com/advisories/880
- https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
Versions of axios
prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength
property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Upgrade to 0.18.1 or later.
Axios vulnerable to Server-Side Request Forgery
- https://nvd.nist.gov/vuln/detail/CVE-2020-28168
- https://github.com/advisories/GHSA-4w2v-q235-vp99
- https://github.com/axios/axios/issues/3369
- https://github.com/axios/axios/commit/c7329fefc890050edd51e40e469a154d0117fc55
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://www.npmjs.com/package/axios
- https://www.npmjs.com/advisories/1594
- https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
axios Inefficient Regular Expression Complexity vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2021-3749
- https://github.com/advisories/GHSA-cph5-m8f7-6c5x
- https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
- https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31
- https://www.npmjs.com/package/axios
- https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E
- https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.
94 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
0.1.0 | MIT | 3 | 2014-08-29 - 23:08 | over 9 years |
0.2.0 | MIT | 3 | 2014-09-12 - 20:06 | over 9 years |
0.2.1 | MIT | 3 | 2014-09-12 - 22:57 | over 9 years |
0.2.2 | MIT | 3 | 2014-09-15 - 03:30 | over 9 years |
0.3.0 | MIT | 3 | 2014-09-16 - 18:20 | over 9 years |
0.3.1 | MIT | 3 | 2014-09-17 - 00:31 | over 9 years |
0.4.0 | MIT | 3 | 2014-10-05 - 23:55 | over 9 years |
0.4.1 | MIT | 3 | 2014-10-15 - 18:19 | over 9 years |
0.4.2 | MIT | 3 | 2014-12-11 - 07:14 | over 9 years |
0.5.0 | MIT | 3 | 2015-01-23 - 10:15 | over 9 years |
0.5.1 | MIT | 3 | 2015-03-10 - 20:47 | about 9 years |
0.5.2 | MIT | 3 | 2015-03-13 - 23:14 | about 9 years |
0.5.3 | MIT | 3 | 2015-04-08 - 03:01 | about 9 years |
0.5.4 | MIT | 3 | 2015-04-08 - 18:49 | about 9 years |
0.6.0 | MIT | 3 | 2015-09-21 - 20:20 | over 8 years |
0.7.0 | MIT | 3 | 2015-09-29 - 06:36 | over 8 years |
0.8.0 | MIT | 3 | 2015-12-11 - 19:09 | over 8 years |
0.8.1 | MIT | 4 | 2015-12-15 - 03:44 | over 8 years |
0.9.0 | MIT | 4 | 2016-01-18 - 18:19 | over 8 years |
0.9.1 | MIT | 4 | 2016-01-24 - 22:19 | over 8 years |
0.10.0 | MIT | 4 | 2016-04-21 - 04:52 | about 8 years |
0.11.0 | MIT | 4 | 2016-04-27 - 04:19 | about 8 years |
0.11.1 | MIT | 4 | 2016-05-17 - 15:59 | almost 8 years |
0.12.0 | MIT | 4 | 2016-06-01 - 05:22 | almost 8 years |
0.13.0 | MIT | 4 | 2016-07-13 - 19:42 | almost 8 years |
0.13.1 | MIT | 4 | 2016-07-16 - 17:13 | almost 8 years |
0.14.0 | MIT | 4 | 2016-08-27 - 18:30 | over 7 years |
0.15.0 | MIT | 4 | 2016-10-11 - 04:40 | over 7 years |
0.15.1 | MIT | 4 | 2016-10-15 - 06:39 | over 7 years |
0.15.2 | MIT | 4 | 2016-10-18 - 01:33 | over 7 years |
0.15.3 | MIT | 4 | 2016-11-27 - 21:59 | over 7 years |
0.16.0 | MIT | 4 | 2017-04-01 - 02:31 | about 7 years |
0.16.1 | MIT | 4 | 2017-04-08 - 18:51 | about 7 years |
0.16.2 | MIT | 4 | 2017-06-03 - 19:29 | almost 7 years |
0.17.0 | MIT | 4 | 2017-10-21 - 18:01 | over 6 years |
0.17.1 | MIT | 4 | 2017-11-11 - 23:24 | over 6 years |
0.18.0 | MIT | 4 | 2018-02-19 - 23:28 | about 6 years |
0.19.0-beta.1 | MIT | 3 | 2018-08-09 - 18:44 | over 5 years |
0.19.0 | MIT | 3 | 2019-05-30 - 16:13 | almost 5 years |
0.18.1 | MIT | 3 | 2019-06-01 - 00:46 | almost 5 years |
0.19.1 | MIT | 3 | 2020-01-07 - 17:23 | over 4 years |
0.19.2 | MIT | 3 | 2020-01-22 - 04:25 | over 4 years |
0.20.0-0 | MIT | 3 | 2020-07-15 - 16:07 | almost 4 years |
0.20.0 | MIT | 3 | 2020-08-21 - 03:12 | over 3 years |
0.21.0 | MIT | 3 | 2020-10-23 - 16:27 | over 3 years |
0.21.1 | MIT | 2 | 2020-12-22 - 04:20 | over 3 years |
0.21.2 | MIT | 1 | 2021-09-04 - 10:18 | over 2 years |
0.21.3 | MIT | 1 | 2021-09-04 - 19:05 | over 2 years |
0.21.4 | MIT | 1 | 2021-09-06 - 15:35 | over 2 years |
0.22.0 | MIT | 1 | 2021-10-01 - 05:54 | over 2 years |
0.23.0 | MIT | 1 | 2021-10-12 - 15:37 | over 2 years |
0.24.0 | MIT | 1 | 2021-10-25 - 17:51 | over 2 years |
0.25.0 | MIT | 1 | 2022-01-18 - 07:14 | over 2 years |
0.26.0 | MIT | 1 | 2022-02-13 - 14:22 | about 2 years |
0.26.1 | MIT | 1 | 2022-03-09 - 17:13 | about 2 years |
0.27.0 | MIT | 1 | 2022-04-25 - 16:42 | about 2 years |
0.27.1 | MIT | 1 | 2022-04-26 - 07:36 | about 2 years |
0.27.2 | MIT | 1 | 2022-04-27 - 10:00 | about 2 years |
1.0.0-alpha.1 | MIT | 2022-05-31 - 19:23 | almost 2 years | |
1.0.0 | MIT | 1 | 2022-10-04 - 19:24 | over 1 year |
1.1.0 | MIT | 1 | 2022-10-06 - 19:19 | over 1 year |
1.1.1 | MIT | 1 | 2022-10-07 - 09:15 | over 1 year |
1.1.2 | MIT | 1 | 2022-10-07 - 10:14 | over 1 year |
1.1.3 | MIT | 1 | 2022-10-15 - 13:42 | over 1 year |
1.2.0-alpha.1 | MIT | 1 | 2022-11-10 - 19:06 | over 1 year |
1.2.0 | MIT | 1 | 2022-11-22 - 19:06 | over 1 year |
1.2.1 | MIT | 1 | 2022-12-05 - 19:39 | over 1 year |
1.2.2 | MIT | 1 | 2022-12-29 - 06:38 | over 1 year |
1.2.3 | MIT | 1 | 2023-01-17 - 17:56 | over 1 year |
1.2.4 | MIT | 1 | 2023-01-24 - 17:21 | over 1 year |
1.2.5 | MIT | 1 | 2023-01-26 - 15:06 | over 1 year |
1.2.6 | MIT | 1 | 2023-01-28 - 16:41 | over 1 year |
1.3.0 | MIT | 1 | 2023-01-31 - 16:55 | over 1 year |
1.3.1 | MIT | 1 | 2023-02-01 - 23:31 | about 1 year |
1.3.2 | MIT | 1 | 2023-02-03 - 18:10 | about 1 year |
1.3.3 | MIT | 1 | 2023-02-13 - 18:47 | about 1 year |
1.3.4 | MIT | 1 | 2023-02-22 - 21:06 | about 1 year |
1.3.5 | MIT | 1 | 2023-04-05 - 18:03 | about 1 year |
1.3.6 | MIT | 1 | 2023-04-19 - 19:38 | about 1 year |
1.4.0 | MIT | 1 | 2023-04-27 - 23:05 | about 1 year |
1.5.0 | MIT | 1 | 2023-08-26 - 19:10 | 8 months |
1.5.1 | MIT | 1 | 2023-09-26 - 18:22 | 7 months |
1.6.0 | MIT | 2023-10-26 - 21:15 | 6 months | |
1.6.1 | MIT | 2023-11-08 - 15:09 | 6 months | |
1.6.2 | MIT | 2023-11-14 - 20:36 | 6 months | |
1.6.3 | MIT | 2023-12-26 - 23:16 | 4 months | |
1.6.4 | MIT | 2024-01-03 - 22:10 | 4 months | |
1.6.5 | MIT | 2024-01-05 - 19:52 | 4 months | |
1.6.6 | MIT | 2024-01-24 - 23:12 | 3 months | |
1.6.7 | MIT | 2024-01-25 - 19:58 | 3 months | |
0.28.0 | MIT | 2024-02-12 - 18:38 | 3 months | |
1.6.8 | MIT | 2024-03-15 - 16:32 | about 2 months | |
0.28.1 | MIT | 2024-03-28 - 17:36 | about 1 month | |
1.7.0-beta.0 | MIT | 2024-04-28 - 19:50 | 4 days |