wighawag / hardhat-deploy

hardhat deployment plugin
MIT License

Moderate vulnerability introduced by old axios #496

Open anatolii-valence opened 7 months ago

anatolii-valence commented 7 months ago

Describe the bug

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.

To Reproduce

N/A

Expected behavior

package.json should contain at least

    "dependencies": { "axios": ">=1.6.0" }

versions

Additional context

The alert was fired by dependabot installed in our repos; we can't fix it on our end until you update the dependency on yours.

Thank you
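Because the affected copy of axios can also arrive transitively (a plugin pinning its own axios under its node_modules), bumping the top-level dependency alone is not proof of being clean. The following added example, which is not part of hardhat-deploy or the issue report, scans a package-lock.json for every axios entry in the reported range 0.8.1 through 1.5.1, covering both the lockfile v2/v3 "packages" layout and the v1 nested "dependencies" layout; the sample lockfile is constructed.

```javascript
// Added example (not hardhat-deploy code): audit a package-lock.json
// for axios versions in the affected range 0.8.1 .. 1.5.1 inclusive.

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Range taken from the report: first affected 0.8.1, last affected 1.5.1.
function isAffectedAxios(version) {
  return compareVersions(version, '0.8.1') >= 0 &&
         compareVersions(version, '1.5.1') <= 0;
}

// Returns "<lockfile path>@<version>" for each affected axios entry.
function findAffectedAxios(lock) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/axios$/.test(path) && entry.version &&
          isAffectedAxios(entry.version)) hits.push(`${path}@${entry.version}`);
    }
  } else if (lock.dependencies) { // lockfileVersion 1: nested tree
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === 'axios' && isAffectedAxios(entry.version)) {
          hits.push(`${path}@${entry.version}`);
        }
        if (entry.dependencies) walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample (v2 layout): top-level axios is patched, but a
// hypothetical plugin still carries a nested copy in the affected range.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  'node_modules/axios': { version: '1.6.2' },
  'node_modules/some-plugin': { version: '0.1.0' },
  'node_modules/some-plugin/node_modules/axios': { version: '1.5.1' } } };
console.log(findAffectedAxios(SAMPLE_LOCK));
```

Run it against a real lockfile with `findAffectedAxios(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))`; an empty result means no copy of axios in the affected range is installed.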

zaghadon commented 1 month ago

Can't believe this Issue is unsolved till date. This is a security vulnerability and the fix introduces no breaking changes. Kindly fix. @wighawag