GSA / 889-tool

Web service for determining 889 compliance of vendors

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #278

Open JennaySDavis opened 1 month ago

JennaySDavis commented 1 month ago

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
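To make the alert concrete for triage, here is a small model of the header-attachment decision, added here as an illustration and not code from axios or from the 889-tool project. In the affected releases the X-XSRF-TOKEN header is attached whenever the request is same-origin or the client has `withCredentials` set, which is how a client configured with `withCredentials: true` ends up sending the cookie value to every host, as the alert describes; from axios 1.6.0 the decision is gated on same-origin unless the `withXSRFToken` option explicitly overrides it. The cookie string, page origin, request URL and version strings below are constructed sample input; the two policy functions and the `isAffectedAxios` range check are hypothetical names for this example. Verify the semantics against the axios release you actually ship.

```javascript
// Model of the XSRF header decision in axios 0.8.1-1.5.1 versus 1.6.0+.
// Added example, not axios's own code; names below are hypothetical.

const XSRF_COOKIE = "XSRF-TOKEN";
const XSRF_HEADER = "X-XSRF-TOKEN";

// Read one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return decodeURIComponent(v.join("="));
  }
  return undefined;
}

// Same-origin test; relative request URLs resolve against the page origin.
function isSameOrigin(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin);
  return target.origin === new URL(pageOrigin).origin;
}

// Affected policy: attach the token when same-origin OR withCredentials is set,
// so withCredentials: true leaks the token to any host.
function xsrfHeaderAffected({ requestUrl, pageOrigin, cookieString, withCredentials = false }) {
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token && (withCredentials || isSameOrigin(requestUrl, pageOrigin))) {
    return { [XSRF_HEADER]: token };
  }
  return {};
}

// Fixed policy (1.6.0+): attach only when same-origin, unless the caller
// explicitly sets withXSRFToken to true (or suppresses it with false).
function xsrfHeaderFixed({ requestUrl, pageOrigin, cookieString, withXSRFToken }) {
  const token = readCookie(cookieString, XSRF_COOKIE);
  const allowed =
    withXSRFToken === true ||
    (withXSRFToken !== false && isSameOrigin(requestUrl, pageOrigin));
  return token && allowed ? { [XSRF_HEADER]: token } : {};
}

// Triage helper: is an installed axios version inside 0.8.1 through 1.5.1?
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver string: ${v}`);
  return m.slice(1, 4).map(Number);
}
function cmpSemver(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}
function isAffectedAxios(version) {
  const v = parseSemver(version);
  return cmpSemver(v, [0, 8, 1]) >= 0 && cmpSemver(v, [1, 5, 1]) <= 0;
}

// Constructed sample: app page with a token cookie, request to a third-party host.
const SAMPLE = {
  pageOrigin: "https://app.example",
  cookieString: "session=abc; XSRF-TOKEN=t0k3n",
  requestUrl: "https://cdn.third-party.example/track",
};

// Returns the headers each policy would send for the cross-origin request.
function demo() {
  return {
    leaked: xsrfHeaderAffected({ ...SAMPLE, withCredentials: true }),
    kept: xsrfHeaderFixed({ ...SAMPLE }),
  };
}

console.log(demo(), isAffectedAxios("1.5.1"), isAffectedAxios("1.6.0"));
```

The practical check for a project like this one is therefore twofold: confirm the pinned axios version falls outside 0.8.1 through 1.5.1, and grep the client code for `withCredentials: true` defaults that would have exposed the token to third-party hosts before the upgrade.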

JennaySDavis commented 3 weeks ago

#278 Acceptance Criteria

| Pass/Fail | Description |
|-----------|-------------|
| Pass | Full regression testing of 889 Tool |

Comments/Additional Notes: N/A

ADA Compliance (automated scan via Chrome Lighthouse)

| Criteria | Score |
|----------|-------|
| Performance | 96 |
| Accessibility | 100 |
| Best Practices | 100 |

Passed 08/16/2024 - JSD

johnbeallgsa commented 2 weeks ago

Thanks for explaining this during the demo. Moving to Done.