Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Description

No description available.

Recommendation

Update the axios package to the latest compatible version. Followings are version details:

• Affected version(s): **<= 0.30.2

  >= 1.0.0, <= 1.13.4**

• Patched version(s): **0.30.3

  1.13.5**

References

• GHSA-43fc-jf86-j433
• CVE-2026-25639
• CWE-1321
• CWE-754
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer - CVE-2026-41680
• Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions - CVE-2026-34404
• jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder - CVE-2026-24133
• Cube Core is vulnerable to Denial of Service (DoS) via crafted request - CVE-2026-25957

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

axios