[GHSA-wf5p-g6vw-rhxx] Axios Cross-Site Request Forgery Vulnerability

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.75k stars 336 forks source link

[GHSA-wf5p-g6vw-rhxx] Axios Cross-Site Request Forgery Vulnerability #4972

Closed zwsitezuha closed 1 month ago

zwsitezuha commented 1 month ago

Updates

Affected products

Comments An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.