Open kriswest opened 2 months ago
[2/10] - pkg:npm/axios@0.28.1 - 1 vulnerability found!
Vulnerability Title: [CVE-2023-45857] CWE-352: Cross-Site Request Forgery (CSRF)
ID: CVE-2023-45857
Description: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE: CVE-2023-45857
Reference: https://ossindex.sonatype.org/vulnerability/CVE-2023-45857?component-type=npm&component-name=axios&utm_source=auditjs&utm_medium=integration&utm_content=4.0.45
> npm ls axios
website@ C:\Users\Kris\Documents\code\FDC3\website
├─┬ @docusaurus/core@2.4.1
│ └─┬ wait-on@6.0.1
│   └── axios@0.25.0
└── axios@0.28.1