Security vulnerability #6351
Comments
At a glance, without going into the code, I believe this is inside of the tests. I think it may be a false positive; please drop the CVE link.
Thank you for your response. I don't have a CVE link but have some data from the Fortify scan. The file path in the repo is \axios\dist\axios.js. In this case, the data is sent at setAttribute() in the axios.js file. The malicious content sent to the web browser often takes the form of a JavaScript segment, but can also include HTML, Flash or any other type of code that the browser executes. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data such as cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.
Describe the issue
As part of our company's security policy, we run all our applications through a Fortify scan. The Fortify scan raised a flag in the axios.js file where setAttribute('href', href) has been used. It suggests validating the data which passes through this setAttribute('href', href). Could you please suggest something? Thank you.
Example Code
No response
Expected behavior
No response
Axios Version
No response
Adapter Version
No response
Browser
No response
Browser Version
No response
Node.js Version
No response
OS
No response
Additional Library Versions
No response
Additional context/Screenshots
No response
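One way to validate a value before it reaches setAttribute('href', href), as an added example that is not axios code and not part of the original issue. The helper names `safeHref` and `setSafeHref`, the scheme allowlist and the base URL `https://app.example/` are assumptions made for illustration.

```javascript
// Schemes the application accepts in an href (assumption: adjust per application).
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized absolute URL string, or null if the input must be rejected.
// Parsing with the WHATWG URL class applies the same normalization a browser does
// (leading whitespace trimmed, tabs/newlines removed, scheme lowercased), so an
// obfuscated scheme is seen in its canonical form before the allowlist check.
function safeHref(input, base = 'https://app.example/') {
  if (typeof input !== 'string') return null;
  let url;
  try {
    url = new URL(input, base); // relative inputs resolve against the trusted base
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  return url.href;
}

// Sets href only when validation passes; returns whether the attribute was written.
// `node` is anything with a DOM-style setAttribute(name, value) method.
function setSafeHref(node, input, base) {
  const href = safeHref(input, base);
  if (href === null) return false;
  node.setAttribute('href', href);
  return true;
}

// Constructed sample inputs, covering accepted and rejected forms.
const samples = [
  '/api/users',
  'https://example.org/a?b=1',
  '//cdn.example.net/x.js',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,x',
  'https://[invalid',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeHref(s));
}
```

The check is on the parsed `protocol`, not on a string prefix of the raw input, which is what makes the whitespace and mixed-case variants fail the same way as the plain form.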