NodeJS/axios/1.13.3


Promise based HTTP client for the browser and node.js

https://www.npmjs.com/package/axios
MIT

1 Security Vulnerabilities

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Published date: 2026-02-09T17:46:14Z
CVE: CVE-2026-25639
Links:

Denial of Service via __proto__ Key in mergeConfig

Summary

The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.

Details

The vulnerability exists in lib/core/mergeConfig.js at lines 98-101:

utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});

When prop is '__proto__':

  1. JSON.parse('{"__proto__": {...}}') creates an object with __proto__ as an own enumerable property
  2. Object.keys() includes '__proto__' in the iteration
  3. mergeMap['__proto__'] performs prototype chain lookup, returning Object.prototype (truthy object)
  4. The expression mergeMap[prop] || mergeDeepProperties evaluates to Object.prototype
  5. Object.prototype(...) throws TypeError: merge is not a function

The mergeConfig function is called by:

  • Axios._request() at lib/core/Axios.js:75
  • Axios.getUri() at lib/core/Axios.js:201
  • All HTTP method shortcuts (get, post, etc.) at lib/core/Axios.js:211,224
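As an added example (not axios' own code and not part of the advisory), the following models the lookup described in the five steps above under hypothetical names (mergeMap, vulnerableMerge, hardenedMerge, hasOwnProtoKey, demo) with a constructed input, and sets the hardened form beside it: skip the __proto__ key outright and consult only own properties of the strategy map, plus a boundary check that rejects parsed JSON carrying an own __proto__ key before it reaches any config-merging code.

```javascript
// Added example, not axios code: a minimal model of the mergeConfig lookup
// described in the advisory, alongside a hardened form. mergeMap,
// vulnerableMerge, hardenedMerge, hasOwnProtoKey and demo are hypothetical.

// Stand-in for axios' mergeDeepProperties: take the override when present.
function mergeDeepProperties(a, b) {
  return b === undefined ? a : b;
}

// Per-property merge strategies in a plain object, like axios' mergeMap.
// A plain object inherits from Object.prototype, so reading an absent key
// still walks the prototype chain instead of returning undefined.
const mergeMap = {
  url: (a, b) => (b === undefined ? a : b),
  headers: (a, b) => Object.assign({}, a, b),
};

// Vulnerable form (mirrors the advisory's snippet): mergeMap['__proto__']
// resolves to Object.prototype, which is truthy but not callable, so the ||
// fallback is skipped and the call throws TypeError: merge is not a function.
function vulnerableMerge(config1, config2) {
  const config = {};
  for (const prop of Object.keys({ ...config1, ...config2 })) {
    const merge = mergeMap[prop] || mergeDeepProperties;
    const value = merge(config1[prop], config2[prop]);
    if (value !== undefined) config[prop] = value;
  }
  return config;
}

// Hardened form: ignore the prototype key and honour only own properties of
// mergeMap, so an inherited member can never be selected as a merge function.
function hardenedMerge(config1, config2) {
  const config = {};
  for (const prop of Object.keys({ ...config1, ...config2 })) {
    if (prop === '__proto__') continue;
    const merge = Object.prototype.hasOwnProperty.call(mergeMap, prop)
      ? mergeMap[prop]
      : mergeDeepProperties;
    const value = merge(config1[prop], config2[prop]);
    if (value !== undefined) config[prop] = value;
  }
  return config;
}

// Boundary check: JSON.parse creates '__proto__' as an own data property, so
// untrusted parsed input can be rejected before it reaches any merge code.
function hasOwnProtoKey(obj) {
  return obj !== null && typeof obj === 'object' &&
    Object.prototype.hasOwnProperty.call(obj, '__proto__');
}

// Runs both merges on the advisory's payload and reports the outcomes.
function demo() {
  const malicious = JSON.parse('{"__proto__": {"x": 1}}'); // constructed input
  const base = { timeout: 5000, headers: { 'X-Test': 'value' } }; // constructed
  let crashed = false;
  try {
    vulnerableMerge(base, malicious);
  } catch (e) {
    crashed = e instanceof TypeError;
  }
  const merged = hardenedMerge(base, malicious);
  return { crashed, merged, rejected: hasOwnProtoKey(malicious) };
}
```

Calling demo() reports crashed === true for the vulnerable form, while the hardened form returns the normal keys with its prototype untouched and no own __proto__ property. The own-property test on the strategy map is the essential fix; the explicit key skip and the boundary check are defence in depth for callers that accept user-controlled JSON.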

PoC

import axios from "axios";

const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
await axios.get("https://httpbin.org/get", maliciousConfig);

Reproduction steps:

  1. Clone axios repository or npm install axios
  2. Create file poc.mjs with the code above
  3. Run: node poc.mjs
  4. Observe the TypeError crash

Verified output (axios 1.13.4):

TypeError: merge is not a function
    at computeConfigValue (lib/core/mergeConfig.js:100:25)
    at Object.forEach (lib/utils.js:280:10)
    at mergeConfig (lib/core/mergeConfig.js:98:9)

Control tests performed:

| Test | Config | Result |
|------|--------|--------|
| Normal config | {"timeout": 5000} | SUCCESS |
| Malicious config | JSON.parse('{"__proto__": {"x": 1}}') | CRASH |
| Nested object | {"headers": {"X-Test": "value"}} | SUCCESS |

Attack scenario: An application that accepts user input, parses it with JSON.parse(), and passes it to axios configuration will crash when receiving the payload {"__proto__": {"x": 1}}.

Impact

Denial of Service - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.

Affected environments:

  • Node.js servers using axios for HTTP requests
  • Any backend that passes parsed JSON to axios configuration

This is NOT prototype pollution - the application crashes before any assignment occurs.

Affected versions: ["0.30.2", "0.30.1", "0.30.0", "0.29.0", "0.28.1", "0.28.0", "0.27.2", "0.27.1", "0.27.0", "0.26.1", "0.26.0", "0.25.0", "0.24.0", "0.23.0", "0.22.0", "0.21.4", "0.21.3", "0.21.2", "0.21.1", "0.21.0", "0.20.0", "0.20.0-0", "0.19.2", "0.19.1", "0.19.0", "0.19.0-beta.1", "0.18.1", "0.18.0", "0.17.1", "0.17.0", "0.16.2", "0.16.1", "0.16.0", "0.15.3", "0.15.2", "0.15.1", "0.15.0", "0.14.0", "0.13.1", "0.13.0", "0.12.0", "0.11.1", "0.11.0", "0.10.0", "0.9.1", "0.9.0", "0.8.1", "0.8.0", "0.7.0", "0.6.0", "0.5.4", "0.5.3", "0.5.2", "0.5.1", "0.5.0", "0.4.2", "0.4.1", "0.4.0", "0.3.1", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.0", "1.13.4", "1.13.3", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.12.0", "1.11.0", "1.10.0", "1.9.0", "1.8.4", "1.8.3", "1.8.2", "1.8.1", "1.8.0", "1.7.9", "1.7.8", "1.7.7", "1.7.6", "1.7.5", "1.7.4", "1.7.3", "1.7.2", "1.7.1", "1.7.0", "1.7.0-beta.2", "1.7.0-beta.1", "1.7.0-beta.0", "1.6.8", "1.6.7", "1.6.6", "1.6.5", "1.6.4", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0-alpha.1", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0"]
Secure versions: [0.30.3, 1.0.0-alpha.1, 1.13.5, 1.13.6]
Recommendation: Update to version 1.13.6.

129 Other Versions

Version License Security Released
0.15.1 MIT 6 2016-10-15 - 06:39 over 9 years
0.15.0 MIT 6 2016-10-11 - 04:40 over 9 years
0.14.0 MIT 6 2016-08-27 - 18:30 over 9 years
0.13.1 MIT 6 2016-07-16 - 17:13 over 9 years
0.13.0 MIT 6 2016-07-13 - 19:42 over 9 years
0.12.0 MIT 6 2016-06-01 - 05:22 almost 10 years
0.11.1 MIT 6 2016-05-17 - 15:59 almost 10 years
0.11.0 MIT 6 2016-04-27 - 04:19 almost 10 years
0.10.0 MIT 6 2016-04-21 - 04:52 almost 10 years
0.9.1 MIT 6 2016-01-24 - 22:19 about 10 years
0.9.0 MIT 6 2016-01-18 - 18:19 about 10 years
0.8.1 MIT 6 2015-12-15 - 03:44 over 10 years
0.8.0 MIT 5 2015-12-11 - 19:09 over 10 years
0.7.0 MIT 5 2015-09-29 - 06:36 over 10 years
0.6.0 MIT 5 2015-09-21 - 20:20 over 10 years
0.5.4 MIT 5 2015-04-08 - 18:49 almost 11 years
0.5.3 MIT 5 2015-04-08 - 03:01 almost 11 years
0.5.2 MIT 5 2015-03-13 - 23:14 about 11 years
0.5.1 MIT 5 2015-03-10 - 20:47 about 11 years
0.5.0 MIT 5 2015-01-23 - 10:15 about 11 years
0.4.2 MIT 5 2014-12-11 - 07:14 over 11 years
0.4.1 MIT 5 2014-10-15 - 18:19 over 11 years
0.4.0 MIT 5 2014-10-05 - 23:55 over 11 years
0.3.1 MIT 5 2014-09-17 - 00:31 over 11 years
0.3.0 MIT 5 2014-09-16 - 18:20 over 11 years
0.2.2 MIT 5 2014-09-15 - 03:30 over 11 years
0.2.1 MIT 5 2014-09-12 - 22:57 over 11 years
0.2.0 MIT 5 2014-09-12 - 20:06 over 11 years
0.1.0 MIT 5 2014-08-29 - 23:08 over 11 years