Описание
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage |
Показывать по
Ссылки на источники
6.5 Medium
CVSS3
Связанные уязвимости
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...
Axios Cross-Site Request Forgery Vulnerability
Уязвимость библиотеки axios, связанная с подделкой межсайтовых запросов, позволяющая нарушителю получить несанкционированный доступ к токену XSRF-TOKEN
6.5 Medium
CVSS3