Description
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
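The failure mode described above, modelled as an added example (this is not axios's code and not part of the original advisory). `FakeResponseStream`, `collect`, `stopOnLimit` and `demo` are hypothetical names, and the stream is a constructed synchronous stand-in for a Node.js response stream.

```javascript
// Constructed stand-in for a Node.js response stream: hands chunks to the
// 'data' listener one by one until destroy() is called.
class FakeResponseStream {
  constructor(chunks) {
    this.chunks = chunks;
    this.destroyed = false;
    this.delivered = 0; // bytes handed to the consumer so far
    this.listener = null;
  }
  on(event, fn) {
    if (event === 'data') this.listener = fn;
    return this;
  }
  destroy() { this.destroyed = true; }
  flow() {
    for (const chunk of this.chunks) {
      if (this.destroyed) break; // a destroyed stream emits no more data
      this.delivered += chunk.length;
      this.listener(chunk);
    }
  }
}

// Reads a body under a size limit. stopOnLimit=false models the behaviour
// the advisory describes (error reported, transfer keeps going);
// stopOnLimit=true models the corrected behaviour (transfer is torn down).
function collect(stream, maxContentLength, stopOnLimit) {
  const result = { error: null, buffered: 0 };
  stream.on('data', (chunk) => {
    result.buffered += chunk.length;
    if (maxContentLength > -1 && result.buffered > maxContentLength) {
      result.error = result.error ||
        new Error('maxContentLength size of ' + maxContentLength + ' exceeded');
      if (stopOnLimit) stream.destroy(); // the step the affected versions lack
    }
  });
  stream.flow();
  return { error: result.error, buffered: result.buffered, delivered: stream.delivered };
}

// Constructed input: 1000 chunks of 1 KiB against a 2000-byte limit.
function demo() {
  const makeChunks = () => Array(1000).fill(Buffer.alloc(1024));
  return {
    unbounded: collect(new FakeResponseStream(makeChunks()), 2000, false),
    bounded: collect(new FakeResponseStream(makeChunks()), 2000, true),
  };
}
console.log(demo());
```

Both runs report the same error, so the error alone does not tell the two apart; the difference is how many bytes are still processed after the limit is crossed.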
Recommendation
Update the axios package to the latest compatible version. Version details:
- Affected version(s): <= 0.18.0
- Patched version(s): 0.18.1
References
- GHSA-42xw-2xvc-qx8m
- app.snyk.io
- snyk.io
- www.npmjs.com
- CVE-2019-10742
- CWE-20
- CWE-755
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Axios is vulnerable to DoS attack through lack of data size check - CVE-2025-58754
- axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - CVE-2025-27152
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
- Server-Side Request Forgery in axios - CVE-2024-39338
Tags
- npm
- axios
Last updated on April 14, 2023