Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
[REJECTED CVE] A vulnerability has been identified in the axios library where cookies can be leaked to unauthorized domains during HTTP redirects. This occurs because axios includes the original Cookie header when following a Location redirect to a different domain, violating the same-origin policy. An attacker could exploit this by redirecting requests to their controlled domain, gaining access to sensitive cookies and potentially hijacking user accounts.
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.