Axios Cross-Site Request Forgery Vulnerability
Moderate severity
GitHub Reviewed
Published Nov 8, 2023 to the GitHub Advisory Database • Updated Feb 20, 2024
Package
Affected versions      Patched versions
>= 1.0.0, < 1.6.0      1.6.0
>= 0.8.1, < 0.28.0     0.28.0
Published by the National Vulnerability Database: Nov 8, 2023
Reviewed: Nov 10, 2023
Description
Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies: it includes the token in the X-XSRF-TOKEN HTTP header on every request made to any host, allowing attackers to view sensitive information.
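The leak described above, modelled as an added example (not axios source code and not the project's patch): a header builder that attaches the token to every request, beside one that attaches it only to same-origin requests, plus a helper that lists which request URLs would hand the token to another origin. The function names, origins, URLs and cookie value are constructed for illustration.

```javascript
// Added example: models the header decision only; it is not axios code.
const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';

// Constructed sample data (reserved example domains, made-up token).
const PAGE_ORIGIN = 'https://app.example.com';
const COOKIES = 'theme=dark; XSRF-TOKEN=constructed-token-123';
const SAMPLE_URLS = [
  '/api/profile',                            // relative: same origin
  'https://app.example.com/api/orders',      // absolute: same origin
  'https://third-party.example.net/collect', // different host
  '//cdn.example.net/lib.js',                // protocol-relative, different host
  'https://app.example.com:8443/admin',      // same host, different port
];

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx !== -1 && part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Compare scheme, host and port after resolving relative URLs.
function isSameOrigin(requestUrl, pageOrigin) {
  try {
    return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch {
    return false; // unparseable URL: treat as cross-origin, send no token
  }
}

// Behaviour the advisory describes: the token goes out to any host.
function headersLeaky(requestUrl, pageOrigin, cookieString) {
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token ? { [XSRF_HEADER]: token } : {};
}

// Hardened form: the token is attached only when the target is same-origin.
function headersSameOriginOnly(requestUrl, pageOrigin, cookieString) {
  return isSameOrigin(requestUrl, pageOrigin)
    ? headersLeaky(requestUrl, pageOrigin, cookieString) : {};
}

// Audit helper: which URLs would deliver the token to a different origin?
function crossOriginRecipients(urls, pageOrigin, cookieString, build) {
  return urls.filter((u) => !isSameOrigin(u, pageOrigin) &&
    XSRF_HEADER in build(u, pageOrigin, cookieString));
}
```

Running `crossOriginRecipients` over a list of outbound request URLs taken from an application's own code or proxy logs shows which third-party endpoints would have received the token on an affected version.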