Description
Denial of Service in axios
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Upgrade to 0.18.1 or later.
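The failure mode described above, as an added sketch that is not axios code or the project's patch: a size check that only records an error is compared with one that also stops the stream. `FakeResponse`, `readBody`, the error text and all sample sizes are constructed for illustration.

```javascript
// Constructed stand-in for a response stream (hypothetical, not axios code):
// delivers `total` bytes in `chunk`-sized pieces until destroy() is called.
class FakeResponse {
  constructor(total, chunk) {
    Object.assign(this, { total, chunk, delivered: 0, destroyed: false, onData: null });
  }
  on(event, fn) { if (event === 'data') this.onData = fn; return this; }
  destroy() { this.destroyed = true; }
  flow() {
    while (this.delivered < this.total && !this.destroyed) {
      const n = Math.min(this.chunk, this.total - this.delivered);
      this.delivered += n;
      this.onData(new Uint8Array(n));
    }
  }
}

// Reads a body with a size limit. With stopOnExceed=false it reproduces the
// behaviour the advisory describes: the error is recorded, the transfer goes on.
// A negative limit means "unlimited" (an assumption of this sketch).
function readBody(res, maxContentLength, stopOnExceed) {
  const out = { error: null, buffered: 0, chunks: 0 };
  res.on('data', (c) => {
    out.buffered += c.length;
    out.chunks += 1;
    if (maxContentLength > -1 && out.buffered > maxContentLength) {
      if (!out.error) out.error = 'content length limit exceeded'; // constructed message
      if (stopOnExceed) res.destroy(); // stop receiving as soon as the limit is crossed
    }
  });
  res.flow();
  return out;
}

const LIMIT = 10000; // constructed sample values
const leaky = readBody(new FakeResponse(1000000, 1000), LIMIT, false);
const bounded = readBody(new FakeResponse(1000000, 1000), LIMIT, true);
const small = readBody(new FakeResponse(5000, 1000), LIMIT, true);
console.log({ leaky, bounded, small });
```

Both oversized reads report the same error to the caller; only the amount of data processed after the limit differs, which is why the issue shows up as resource exhaustion and not as a functional bug.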
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10742
- https://github.com/axios/axios/issues/1098
- https://github.com/axios/axios/pull/1485
- https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
- https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://www.npmjs.com/advisories/880
Packages

| Name | Ecosystem | Affected versions | Fixed version |
|------|-----------|-------------------|---------------|
| axios | npm | <= 0.18.0 | 0.18.1 |
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 7 years ago
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
CVSS3: 7.5
nvd
almost 7 years ago
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
CVSS3: 7.5
debian
almost 7 years ago
Axios up to and including 0.18.0 allows attackers to cause a denial of ...