GHSA-42xw-2xvc-qx8m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-42xw-2xvc-qx8m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-42xw-2xvc-qx8m/GHSA-42xw-2xvc-qx8m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-42xw-2xvc-qx8m
- Aliases
- Published
- 2019-05-29T18:04:45Z
- Modified
- 2023-11-08T04:00:54.287876Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of Service in axios
- Details
-
Versions of
axiosprior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds themaxContentLengthproperty, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.Recommendation
Upgrade to 0.18.1 or later.
- Database specific
{ "severity": "HIGH", "cwe_ids": [ "CWE-20", "CWE-755" ], "github_reviewed_at": "2019-05-14T15:22:47Z", "github_reviewed": true, "nvd_published_at": "2019-05-07T19:29:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10742
- https://github.com/axios/axios/issues/1098
- https://github.com/axios/axios/pull/1485
- https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
- https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://www.npmjs.com/advisories/880
Affected packages
npm / axios
Package
- Name
- axios
- View open source insights on deps.dev
- Purl
- pkg:npm/axios