axios Inefficient Regular Expression Complexity vulnerability

Description

axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.

Recommendation

Update the axios package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.21.2
• Patched version(s): 0.21.2

References

• GHSA-cph5-m8f7-6c5x
• huntr.dev
• www.npmjs.com
• lists.apache.org
• www.oracle.com
• cert-portal.siemens.com
• CVE-2021-3749
• CWE-1333
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
• Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
• steal Inefficient Regular Expression Complexity vulnerability via string variable - CVE-2022-37259
• debug Inefficient Regular Expression Complexity vulnerability - CVE-2017-20165

Tags:

npm

axios