CVE-2024-57965

Unknown CVSS: -

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.

Vendor

Axios

Product

Axios

CWE

CWE-346

Yayın Tarihi

2025-01-29 09:15:08

Güncelleme

2025-09-19 19:38:55

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-346 Axios Axios 2025

Referanslar

https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db https://github.com/axios/axios/issues/6351 https://github.com/axios/axios/pull/6714 https://github.com/axios/axios/releases/tag/v1.7.8

Benzer Kayıtlar

High

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig f…

High

CVE-2025-58754

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to ver…

High

CVE-2025-27152

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather tha…