Описание
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage
[REJECTED CVE] A vulnerability has been identified in the axios library where cookies can be leaked to unauthorized domains during HTTP redirects. This occurs because axios includes the original Cookie header when following a Location redirect to a different domain, violating the same-origin policy. An attacker could exploit this by redirecting requests to their controlled domain, gaining access to sensitive cookies and potentially hijacking user accounts.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage