Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Description

No description available.

Recommendation

Update the axios package to the latest compatible version. Followings are version details:

• Affected version(s): **<= 0.30.2

  >= 1.0.0, <= 1.13.4**

• Patched version(s): **0.30.3

  1.13.5**

References

• GHSA-43fc-jf86-j433
• CVE-2026-25639
• CWE-754
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Cube Core is vulnerable to Denial of Service (DoS) via crafted request - CVE-2026-25957
• jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder - CVE-2026-24133
• angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
• angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117

Tags:

npm

axios