An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45857.json",
"cna_assigner": "mitre"
}