Description
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a response exceeds the maxContentLength option, the package raises an error for the caller but does not abort the underlying request, so the body keeps being read and buffered after the limit has been reached. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Update the axios package to the latest compatible version. Version details:
- Affected version(s): <= 0.18.0
- Patched version(s): 0.18.1
References
- GHSA-42xw-2xvc-qx8m
- app.snyk.io
- snyk.io
- www.npmjs.com
- CVE-2019-10742
- CWE-20
- CWE-755
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-x5rq-j2xg-h7qm) - CVE-2019-1010266
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
Tags
- npm
- axios
Last updated on April 14, 2023