Description
Axios is a promise-based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This vulnerability is fixed in 1.15.0 and 0.3.1. (Note: the version table below gives the 0.x range as `>=0 <0.31.0` with 0.31.0 as the fixed release, so "0.3.1" in this description is most likely a typo for 0.31.0.)
Mitigation
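Minimal update: upgrade to the lowest fixed version listed for your ecosystem in the table below; a "-" in the last column means no fixed version is listed for that distribution. The update may introduce new vulnerabilities or breaking changes. Upgrading Axios removes the header-injection gadget only; the prototype pollution itself sits in a separate dependency and has to be addressed there.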
|
 npm | | >=1.0.0 <1.15.0 || >=0 <0.31.0 | 1.15.0, 0.31.0 |
 debian 12 | | =1.11.0+dfsg-1 || =1.12.1+dfsg-1 || =1.13.1+dfsg-1 || =1.13.2+dfsg-1 || =1.14.0+dfsg-1 || =1.15.0-1 || =1.15.2-1 || =1.16.0-1 || =1.2.1+dfsg-1 || =1.2.1+dfsg-1+deb12u1 || =1.5.1+dfsg-1 || =1.6.2+dfsg-1 || =1.6.8+dfsg-1 || =1.6.8+dfsg-2 || =1.7.3+dfsg-1 || =1.7.4+dfsg-1 || =1.7.7+dfsg-1 || =1.7.9+dfsg-1 || =1.8.4+dfsg-1 | - |
 debian 11 | | =0.21.1+dfsg-1 || =0.21.1+dfsg-1+deb11u1 || =0.21.3+dfsg-1 || =0.21.4+dfsg-1 || =0.22.0+dfsg-1 || =0.23.0+dfsg-1 || =0.23.0+dfsg-2 || =0.24.0+dfsg-1 || =0.25.0+dfsg-1 || =0.25.0+dfsg-2 || =0.26.0+dfsg-1 || =0.26.1+dfsg-1 || =0.26.1+dfsg-2 || =0.27.2+dfsg-1 || =0.27.2+dfsg-2 || =1.1.2+dfsg-1 || =1.1.2+dfsg-2 || =1.1.2+dfsg-3 || =1.1.3+dfsg-1 || =1.1.3+dfsg-2 || =1.11.0+dfsg-1 || =1.12.1+dfsg-1 || =1.13.1+dfsg-1 || =1.13.2+dfsg-1 || =1.14.0+dfsg-1 || =1.15.0-1 || =1.15.2-1 || =1.16.0-1 || =1.2.0+dfsg-1 || =1.2.1+dfsg-1 || =1.5.1+dfsg-1 || =1.6.2+dfsg-1 || =1.6.8+dfsg-1 || =1.6.8+dfsg-2 || =1.7.3+dfsg-1 || =1.7.4+dfsg-1 || =1.7.7+dfsg-1 || =1.7.9+dfsg-1 || =1.8.4+dfsg-1 | - |
 debian 14 | | =1.11.0+dfsg-1 || =1.12.1+dfsg-1 || =1.13.1+dfsg-1 || =1.13.2+dfsg-1 || =1.14.0+dfsg-1 || =1.8.4+dfsg-1 || >=0 <1.15.0-1 | 1.15.0-1 |
 debian 13 | | =1.11.0+dfsg-1 || =1.12.1+dfsg-1 || =1.13.1+dfsg-1 || =1.13.2+dfsg-1 || =1.14.0+dfsg-1 || =1.15.0-1 || =1.15.2-1 || =1.16.0-1 || =1.8.4+dfsg-1 | - |