An open API service providing security vulnerability metadata for many open source software ecosystems.

GHSA-42xw-2xvc-qx8m

Severity: High (CVSS 7.5). EPSS: 0.1309% (percentile 0.94092).

Denial of Service in axios

Affected package: npm:axios (PURL: pkg:npm/axios)
Affected versions: <= 0.18.0
Fixed versions: 0.18.1
Dependent packages: 97,210
Dependent repositories: 453,457
Downloads last month: 464,177,977

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.16.0, 0.16.1, 0.16.2, 0.17.0, 0.17.1, 0.18.0

All unaffected versions

0.18.1, 0.19.0, 0.19.1, 0.19.2, 0.20.0, 0.21.0, 0.21.1, 0.21.2, 0.21.3, 0.21.4, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.27.2, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 0.30.1, 0.30.2, 0.30.3, 0.30.4, 0.31.0, 0.31.1, 0.32.0, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.13.4, 1.13.5, 1.13.6, 1.14.0, 1.14.1, 1.15.0, 1.15.1, 1.15.2, 1.16.0, 1.16.1, 1.17.0
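The check a practitioner wants from the two version lists above is "does my lockfile contain an axios inside the affected range". The following is an added example, not code from the advisory service or from axios: it walks a lockfile v2/v3 "packages" map (the keys are install paths, so nested copies under a dependency's own node_modules are found too), compares each axios version against the advisory range (<= 0.18.0) with a small semver comparator, and reports the hits. The sample lockfile is constructed for the example; the names parseVersion, compareVersions, isAffected and findVulnerableAxios are this example's own.

```javascript
// Added example (not part of the advisory or of axios): find axios installs in an
// npm lockfile that fall inside the affected range of this advisory (<= 0.18.0).

const AFFECTED_MAX = '0.18.0'; // advisory: all versions up to and including 0.18.0
const FIXED = '0.18.1';        // first unaffected release

// Parse "x.y.z[-prerelease][+build]"; build metadata is ignored for ordering.
function parseVersion(v) {
  const [core, pre] = v.split('+')[0].split('-');
  const nums = core.split('.').map(Number);
  if (nums.length !== 3 || nums.some(Number.isNaN)) throw new Error(`bad version ${v}`);
  return { nums, pre: pre === undefined ? null : pre };
}

// Returns -1, 0 or 1. Prerelease ordering is simplified to a string compare,
// which is enough for an "is it at or below 0.18.0" decision.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === null && pb.pre === null) return 0;
  if (pa.pre === null) return 1;   // a release sorts after its own prereleases
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : pa.pre > pb.pre ? 1 : 0;
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_MAX) <= 0;
}

// lockfile v2/v3: lock.packages maps install paths to entries. The package name
// is the last node_modules segment, scope included, so scoped forks such as
// @weyforth/axios are a different name and are deliberately not matched here
// (the advisory lists them only as "potentially affected").
function findVulnerableAxios(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const m = path.match(/node_modules\/((?:@[^/]+\/)?[^/]+)$/);
    if (!m || m[1] !== 'axios' || !entry.version) continue;
    if (isAffected(entry.version)) {
      hits.push({ path, version: entry.version, upgradeTo: FIXED });
    }
  }
  return hits;
}

// Constructed sample lockfile for the example (not a real project's lockfile):
// a top-level axios 0.18.0, a nested axios 1.6.8 under some-sdk, and a scoped fork.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0', dependencies: { axios: '^0.18.0' } },
    'node_modules/axios': { version: '0.18.0' },
    'node_modules/some-sdk': { version: '2.0.0', dependencies: { axios: '^1.6.0' } },
    'node_modules/some-sdk/node_modules/axios': { version: '1.6.8' },
    'node_modules/@weyforth/axios': { version: '0.18.1' },
  },
};

console.log(findVulnerableAxios(sampleLock));
```

Lockfile v1 nests entries under "dependencies" instead of flattening them into "packages"; the path-matching loop above does not cover that layout, so run the check against a v2/v3 lockfile (npm 7 and later).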

Potentially Affected Packages

These packages share the same source repository and may be affected by this vulnerability, but are not listed in the advisory.

Package Ecosystem Latest Version Classification
@depup/axios npm Likely Fork
@weyforth/axios npm 0.18.1 Likely Fork
@livepeer/axios npm 0.19.2 Likely Fork
@mxw/axios npm 1.0.0-alpha.6 Likely Fork
@zahiruddinnorzain/axios npm 1.4.0 Likely Fork
@briefy/axios npm 0.19.0 Likely Fork
@pansy/axios npm 0.2.0 Likely Fork
@justinbeckwith/axios npm 0.1.1 Likely Fork
@bmy/axios npm 0.19.3 Likely Fork
@sppk/axios npm 0.24.1 Likely Fork
@unional/axios npm 1.3.3 Likely Fork
@looko/axios npm 1.7.9 Likely Fork
@voypost/axios npm 0.19.1 Likely Fork
@sqwiroux/axios npm 1.8.4 Likely Fork
@ikonintegration/axios npm 0.19.3 Likely Fork
github.com/axios/Axios go v1.13.5 Repackage
axios nuget 0.16.2 Repackage
github.com/axios/axios go v1.13.5 Repackage

Package Ecosystem Latest Version
bill-axios npm 1.0.0
redroseaxxios npm 1.0.0
gc-axios npm 0.19.1
csap-axios npm 1.0.1
axios-cancel bower v1.13.3
axios-node-v1 npm 0.24.0
fetch-like-axios npm 0.0.5
mhyaxios2 npm 0.21.1
chensi_axios npm 0.18.2
tc-public-assembly npm 0.1.1
wax-match-axios-client npm 1.4.0
axiosforfivem npm 1.0.1
@huangjingjing/axios-fetch npm 1.0.7
org.webjars.npm:types__axios maven 0.14.0
axios-redos-fixed npm 1.6.4
astmain npm 2.0.1
resmic_adi_test npm 1.0.2
axios-temp npm 0.19.1
jfaxios npm 0.0.4
axiosttt npm 0.21.6
wechat_axios npm 0.19.0-beta.2
axios-quick npm 0.19.1
axios-advanced npm 1.7.2
axios-mini npm 1.4.0
axios-dev2 npm 0.0.3
axios-mp npm 1.0.2
org.webjars.npm:axios maven 1.13.5
@podong-e/my_npm_module npm 0.19.0-beta.1
min_axios npm 0.1.8
@neonmaster/axios-hehe npm 1.10.0
community-axios npm 0.19.1
org.webjars.bowergithub.axios:axios maven 1.5.0
axios-dm npm 0.26.3
axioswill npm 0.18.0
wangin-axios npm 0.1.0
@extscreen/es3-axios npm 0.0.1-alpha.3
abs1004-axios npm 0.21.4
tj-axios npm 0.17.1
lunare-http npm 0.0.1
mapsdk_test npm 1.0.2
dy-axios npm 0.18.1
gas-axios npm 0.18.0
@testuser__/axios_test npm 1.2.8
contractq-axios npm 1.7.5
abs1118-axios npm 0.21.0
ahxios npm 0.19.2
hd_axios npm 1.0.2
anime-axios npm 0.1.1
kickstand-axios npm 0.21.5
six-axios npm 1.6.8
@lcap/axios-fixed npm 1.13.4
axios-sky npm 1.7.2
red-wxaxios npm 1.0.0
axios-for-nuxt npm 0.19.0
axiosync npm 0.19.0-beta.4
axios.js nuget 0.18.0
org.mvnpm:axios maven 1.13.5
caxios2020 npm 0.19.8
basic_kim_math npm 1.1.1
tauri-axios-wrapper npm 1.7.9
org.webjars.bower:axios maven 0.21.1
axl0s npm 1.0.0
ca-axios npm
axiosqqq npm

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. When a response body exceeds the configured maxContentLength, the Node.js http adapter raises the maxContentLength error but does not destroy the underlying response stream, so it keeps buffering and re-checking the remaining body. This may cause high CPU usage and lead to Denial of Service. Note that maxContentLength defaults to -1 (no limit) in these versions, so the check only runs where a limit has been set explicitly.
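The failure mode described above, as an added example that is not axios's own code: it models the Node http adapter's 'data' handler over a constructed in-memory response body (no network), with the 0.18.0 shape of the check, which concatenates everything buffered so far on every chunk, and a flag that toggles the stream.destroy() call the 0.18.1 fix adds after the rejection. The counters show why the vulnerable variant keeps consuming CPU after the limit is hit: the handler stays attached, the whole body is read, and each chunk re-copies the entire buffer. The names makeChunks, collectBody and compareBehaviours are this example's own.

```javascript
// Added example (not axios's own code): a model of the Node http adapter's
// response-body accumulation, contrasting the pre-0.18.1 behaviour with the fix.

// Constructed response body: `count` chunks of `size` bytes each.
function makeChunks(count, size) {
  const chunks = [];
  for (let i = 0; i < count; i++) chunks.push(Buffer.alloc(size, 0x41));
  return chunks;
}

// Drives 'data' events the way the adapter's handler sees them.
// destroyOnExceed=false models 0.18.0; destroyOnExceed=true models 0.18.1.
function collectBody(chunks, maxContentLength, destroyOnExceed) {
  const responseBuffer = [];
  let destroyed = false;
  let chunksConsumed = 0;
  let concatBytes = 0;  // bytes copied by Buffer.concat over the run: the CPU cost
  let rejection = null; // first error only; a Promise settles once, later rejects are no-ops

  for (const chunk of chunks) {
    if (destroyed) break; // a destroyed stream emits no further 'data' events
    chunksConsumed += 1;
    responseBuffer.push(chunk);

    // 0.18.0-style check: concatenate the whole buffer on every chunk
    const total = Buffer.concat(responseBuffer).length;
    concatBytes += total;

    if (maxContentLength > -1 && total > maxContentLength) {
      rejection = rejection || new Error('maxContentLength size of ' + maxContentLength + ' exceeded');
      if (destroyOnExceed) destroyed = true; // the fix: stream.destroy()
      // Without destroy() the handler stays attached and the rest of the
      // body is still buffered and re-concatenated chunk by chunk.
    }
  }

  return {
    chunksConsumed,
    bytesBuffered: responseBuffer.length ? Buffer.concat(responseBuffer).length : 0,
    concatBytes,
    rejected: rejection !== null,
  };
}

// A 1000 KiB body (1000 chunks of 1 KiB) against a 10 KiB limit.
function compareBehaviours() {
  const body = makeChunks(1000, 1024);
  const limit = 10 * 1024;
  return {
    vulnerable: collectBody(body, limit, false),
    fixed: collectBody(body, limit, true),
  };
}

console.log(compareBehaviours());
```

With these inputs both variants reject, but the vulnerable one reads all 1000 chunks and copies about 512 MB through Buffer.concat, while the fixed one stops after the 11th chunk. Passing -1 as the limit (the default in these versions) never rejects in either variant, which is why an explicit maxContentLength is needed for the check to matter at all.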

Recommendation

Upgrade to 0.18.1 or later.
