Description
[REJECTED CVE] A vulnerability has been identified in the axios library where cookies can be leaked to unauthorized domains during HTTP redirects. This occurs because axios includes the original Cookie header when following a Location redirect to a different domain, violating the same-origin policy. An attacker could exploit this by redirecting requests to their controlled domain, gaining access to sensitive cookies and potentially hijacking user accounts.
Report
This CVE has been rejected upstream: https://github.com/axios/axios/commit/c9aca7525703ab600eacd9e95fd7f6ecc9942616#commitcomment-72837858

Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.
Additional information
CVSS3: 0 (Low)
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.
CVSS3: 0 (Low)