axios 0.19 is vulnerable

The bug that 0.19 sought to resolve introduced other errors. You can continue to use it the way you are doing - but it’s safer to pin to =0.18.1.

  "dependencies": {
    "axios": "0.18.1"
  }

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

1 reaction
nothingismagick commented, Dec 4, 2019

I don’t know what your plans are - but my concern is that there may be other as yet undiscovered vulnerabilities lying in wait. 0.18.1 ONLY fixed the vulnerability about evil remotes not hanging up.

0 reactions
lirantal commented, Dec 4, 2019

Nonetheless, appreciate the heads up!
