Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyeHctMnh2Yy1xeDht
Denial of Service in axios
Versions of axios
prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength
property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Upgrade to 0.18.1 or later.
Permalink: https://github.com/advisories/GHSA-42xw-2xvc-qx8mJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyeHctMnh2Yy1xeDht
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 5 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-42xw-2xvc-qx8m, CVE-2019-10742
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10742
- https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://github.com/axios/axios/issues/1098
- https://github.com/axios/axios/pull/1485
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://www.npmjs.com/advisories/880
- https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
- https://github.com/advisories/GHSA-42xw-2xvc-qx8m
Blast Radius: 42.4
Affected Packages
npm:axios
Dependent packages: 97,210Dependent repositories: 453,457
Downloads: 203,853,050 last month
Affected Version Ranges: <= 0.18.0
Fixed in: 0.18.1
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.16.0, 0.16.1, 0.16.2, 0.17.0, 0.17.1, 0.18.0
All unaffected versions: 0.18.1, 0.19.0, 0.19.1, 0.19.2, 0.20.0, 0.21.0, 0.21.1, 0.21.2, 0.21.3, 0.21.4, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.27.2, 0.28.0, 0.28.1, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8