Describe the bug
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
To Reproduce
N/A
Expected behavior
package.json should contain at least
"dependencies": {
  "axios": ">=1.6.0"
}
versions
hardhat-deploy 0.11.43
Additional context
The alert was fired by Dependabot installed in our repos; can't fix it on our end until you update the dependency on yours.
Thank you
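Added example (not part of the original report and not hardhat-deploy's code): a check that walks the "packages" map of a lockfileVersion 2/3 package-lock.json and lists every installed axios copy inside the range named in the report, 0.8.1 through 1.5.1, including copies nested under another dependency. The sample lockfile, including the nested axios version, is constructed for illustration.

```javascript
// Parse "major.minor.patch" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Compare two parsed versions: negative, zero or positive, like a sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Range stated in the report: 0.8.1 through 1.5.1 (inclusive).
const AFFECTED_MIN = [0, 8, 1];
const AFFECTED_MAX = [1, 5, 1];

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, AFFECTED_MAX) <= 0;
}

// Return every axios install in the affected range together with its location,
// so a nested copy pulled in by another package is visible.
function findAffectedAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the axios package itself, not axios-retry or scoped look-alikes.
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue;
    if (isAffected(meta.version || "")) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (versions other than hardhat-deploy's are illustrative).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/hardhat-deploy": { version: "0.11.43" },
    "node_modules/hardhat-deploy/node_modules/axios": { version: "0.21.4" },
    "node_modules/axios": { version: "1.6.0" },
    "node_modules/axios-retry": { version: "3.8.0" },
  },
};

console.log(findAffectedAxios(sampleLock));
```

To run it against a real project, replace sampleLock with the parsed contents of that project's package-lock.json.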