rockdaboot

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Affected versions: >= 0.8.1, < 0.28.0

@rockdaboot rockdaboot added the bug Something isn't working label Aug 13, 2024
@github-actions github-actions bot added the aws-λ-extension AWS Lambda Extension label Aug 13, 2024
@rockdaboot rockdaboot enabled auto-merge (squash) August 13, 2024 14:19
@rockdaboot rockdaboot merged commit d0b5700 into elastic:main Aug 13, 2024
@rockdaboot rockdaboot deleted the update-axios branch August 13, 2024 14:32
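
The header behaviour named in the description, contrasted with a same-origin check, as an added example that is not part of this pull request or of Axios's own code. The function names, hosts and token value are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Axios source. All names and values are constructed.
const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';
const PAGE_ORIGIN = 'https://app.example.test';                   // constructed
const SAMPLE_COOKIE = 'theme=dark; XSRF-TOKEN=tok-constructed-1'; // constructed

// Pull one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Behaviour described above: the cookie value is copied into the header
// without looking at where the request is going.
function headersLeaky(requestUrl, pageOrigin, cookieString) {
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token ? { [XSRF_HEADER]: token } : {};
}

// Hardened form: attach the header only when the resolved request URL has
// exactly the page's origin (scheme, host and port).
function headersSameOriginOnly(requestUrl, pageOrigin, cookieString) {
  let target;
  try {
    target = new URL(requestUrl, pageOrigin); // also resolves relative URLs
  } catch {
    return {}; // unparsable URL: fail closed, send no token
  }
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token ? { [XSRF_HEADER]: token } : {};
}

// Compare both policies over a list of request URLs.
function audit(urls) {
  return urls.map((u) => ({
    url: u,
    leaky: XSRF_HEADER in headersLeaky(u, PAGE_ORIGIN, SAMPLE_COOKIE),
    hardened: XSRF_HEADER in headersSameOriginOnly(u, PAGE_ORIGIN, SAMPLE_COOKIE),
  }));
}
```

Calling `audit` with a mix of relative, protocol-relative, different-port and look-alike-host URLs shows which requests would carry the token under each policy.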