CVE-2023-45857: Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 1.5.1 and earlier 1.x releases (fixed in 1.6.0): the browser adapter reads the CSRF token from the XSRF-TOKEN cookie and copies it into the X-XSRF-TOKEN request header without first confirming that the request is going to the page's own origin. A request sent with `withCredentials: true` to a cross-origin URL therefore carries the token to whatever host receives it. A third party that learns the token can craft requests that satisfy the cookie-to-header check the token was meant to enforce, which is why the issue is classified as cross-site request forgery rather than as a plain information disclosure. Axios 1.6.0 restricts the header to same-origin requests; upgrade to 1.6.0 or later, and audit any code that relied on the token being sent cross-origin.
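The header-attachment decision before and after the fix, as an added example (this is not axios's own code). It models the check in the browser XMLHttpRequest adapter against a constructed page origin and cookie jar; `PAGE_ORIGIN`, `COOKIES`, `buildHeadersVulnerable`, `buildHeadersFixed` and `leakReport` are names this example introduces, while `xsrfCookieName`, `xsrfHeaderName` and `withCredentials` are real axios config options.

```javascript
// Added example, not axios's own code: models how axios's browser adapter decides
// whether to copy the XSRF-TOKEN cookie into the X-XSRF-TOKEN header, before and
// after the CVE-2023-45857 fix. Origin, cookie jar and request URLs are constructed.

const PAGE_ORIGIN = 'https://app.example.com';   // constructed: origin of the page running axios
const COOKIES = { 'XSRF-TOKEN': 'tok-7f3a9c' };  // constructed: CSRF cookie set by that origin

const DEFAULTS = {
  xsrfCookieName: 'XSRF-TOKEN',   // axios default
  xsrfHeaderName: 'X-XSRF-TOKEN', // axios default
  withCredentials: false,
};

// Same-origin check: scheme, host and port of the request must equal the page's.
// Relative URLs resolve against the page origin and are therefore same-origin.
function isURLSameOrigin(requestUrl, pageOrigin = PAGE_ORIGIN) {
  return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

function readCookie(name, jar = COOKIES) {
  return Object.prototype.hasOwnProperty.call(jar, name) ? jar[name] : null;
}

// Pre-1.6.0 decision: the token is attached when the request is same-origin
// OR when withCredentials is set, so withCredentials: true leaks it cross-origin.
function buildHeadersVulnerable(url, config = {}) {
  const c = { ...DEFAULTS, ...config };
  const headers = {};
  const token = (c.withCredentials || isURLSameOrigin(url)) && readCookie(c.xsrfCookieName);
  if (token) headers[c.xsrfHeaderName] = token;
  return headers;
}

// 1.6.0 decision: the token is attached only to same-origin requests,
// regardless of withCredentials.
function buildHeadersFixed(url, config = {}) {
  const c = { ...DEFAULTS, ...config };
  const headers = {};
  const token = isURLSameOrigin(url) && readCookie(c.xsrfCookieName);
  if (token) headers[c.xsrfHeaderName] = token;
  return headers;
}

// Reports, for a few constructed request shapes, whether the token is sent
// under each decision rule.
function leakReport() {
  const cases = [
    ['same-origin',  '/api/transfer',               { withCredentials: true }],
    ['cross-origin', 'https://cdn.example.net/log', { withCredentials: true }],
    ['cross-origin', 'https://cdn.example.net/log', { withCredentials: false }],
  ];
  return cases.map(([kind, url, cfg]) => ({
    kind,
    url,
    withCredentials: cfg.withCredentials,
    sentBeforeFix: 'X-XSRF-TOKEN' in buildHeadersVulnerable(url, cfg),
    sentAfterFix: 'X-XSRF-TOKEN' in buildHeadersFixed(url, cfg),
  }));
}

if (typeof require !== 'undefined' && require.main === module) console.table(leakReport());
```

The only row that differs between the two rules is the cross-origin request with `withCredentials: true`: the pre-fix rule sends the token to cdn.example.net, the fixed rule does not. Same-origin requests keep the header in both versions, so ordinary cookie-to-header CSRF protection keeps working after the upgrade. Axios 1.6.2 later added the `withXSRFToken` option for callers that genuinely need the header on a cross-origin request; treat any use of it as a deliberate, reviewed exception.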
References
- github.com/advisories/GHSA-wf5p-g6vw-rhxx
- github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
- github.com/axios/axios/issues/6006
- github.com/axios/axios/issues/6022
- github.com/axios/axios/pull/6028
- github.com/axios/axios/releases/tag/v1.6.0
- nvd.nist.gov/vuln/detail/CVE-2023-45857
- security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Detect and mitigate CVE-2023-45857 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.