GSA / 889-tool

Web service for determining 889 compliance of vendors

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

Open JennaySDavis opened 6 months ago

JennaySDavis commented 6 months ago

Severity - Moderate

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
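The mechanism in the advisory quoted above is that the client copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN request header without checking where the request is going, so any third-party host the application calls (or an attacker-controlled URL injected into a request) receives the token. The following is an added illustration, not axios code and not part of this issue: a minimal "leaky" header builder next to a hardened one that attaches the header only when the request URL resolves to the page's own origin. `parseCookies`, `buildHeadersLeaky`, `buildHeadersSafe`, `isSameOrigin` and the sample origins and cookie string are assumptions made for the example.

```javascript
// Added example (not axios code, not part of the 889-tool project).
// Demonstrates the cookie-to-header leak described in the advisory and the
// same-origin check that prevents it. All names and sample values are
// constructed for illustration.
const XSRF_COOKIE = "XSRF-TOKEN";
const XSRF_HEADER = "X-XSRF-TOKEN";

// Parse a document.cookie-style string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = decodeURIComponent(value);
  }
  return out;
}

// Vulnerable behaviour: the token is attached to every request.
// requestUrl is deliberately ignored; that is the bug.
function buildHeadersLeaky(requestUrl, cookieString) {
  const headers = {};
  const token = parseCookies(cookieString)[XSRF_COOKIE];
  if (token) headers[XSRF_HEADER] = token;
  return headers;
}

// True when requestUrl (absolute or relative) resolves to the same
// scheme, host and port as pageOrigin. Default ports are normalised by URL,
// so "https://host:443" and "https://host" compare equal.
function isSameOrigin(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin);
  return target.origin === new URL(pageOrigin).origin;
}

// Hardened behaviour: attach the header only for same-origin requests,
// so a call to a third-party or attacker-chosen host never carries the token.
function buildHeadersSafe(requestUrl, cookieString, pageOrigin) {
  const headers = {};
  const token = parseCookies(cookieString)[XSRF_COOKIE];
  if (token && isSameOrigin(requestUrl, pageOrigin)) {
    headers[XSRF_HEADER] = token;
  }
  return headers;
}

// Constructed sample input: a cookie jar containing the anti-CSRF token.
const SAMPLE_COOKIES = "_ga=abc; XSRF-TOKEN=tok123; theme=dark";

// Leaky: the token travels to an unrelated host.
// buildHeadersLeaky("https://collector.example/beacon", SAMPLE_COOKIES)
//   -> { "X-XSRF-TOKEN": "tok123" }
// Safe: same request gets no header; a same-origin API call still does.
// buildHeadersSafe("https://collector.example/beacon", SAMPLE_COOKIES, "https://app.example")
//   -> {}
// buildHeadersSafe("/api/search", SAMPLE_COOKIES, "https://app.example")
//   -> { "X-XSRF-TOKEN": "tok123" }
```

The origin comparison must include scheme and port, not just hostname: an `http://` request to the same host is a different origin and should not carry the token either. The patched axios releases (1.6.0 and later) gate the header on an equivalent same-origin condition, so for this repository the remediation is to move past the affected 0.8.1 through 1.5.1 range rather than to reimplement the check.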

JennaySDavis commented 5 months ago

#161 Acceptance Criteria

| Pass/Fail | Description |
| --- | --- |
| Pass | Execute Search; sam.gov returns results to 889 Tool |

Comments/Additional Notes:

- A minor issue with aria labels was located, affecting the accessibility score. See https://github.com/orgs/GSA/projects/116/views/3?pane=issue&itemId=51527311

ADA Compliance (Automated scan via Chrome Lighthouse)

| Criteria | Score |
| --- | --- |
| Performance | 98 |
| Accessibility | 96 |
| Best Practices | 93 |

Passed 01/29/2024 - JSD

LoraBradford commented 5 months ago

Reviewed 889 tool, did not see any issues. Story #185 will fix the accessibility score. Thank you! Moving to done!