Denial of Service in axios

GHSA-42xw-2xvc-qx8m · CVE-2019-10742

Published May 29, 2019 · Modified Nov 8, 2023

Description

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.

Recommendation

Upgrade to 0.18.1 or later.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-10742
WEB https://github.com/axios/axios/issues/1098
WEB https://github.com/axios/axios/pull/1485
WEB https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
WEB https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
WEB https://snyk.io/vuln/SNYK-JS-AXIOS-174505
WEB https://www.npmjs.com/advisories/880

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes