Potential URL Handling Flaw in Axios by Axios
CVE-2024-57965

NONE

Key Information:

Vendor: AxiOS
Status: AxiOS
Vendor: CVE Published:; 29 January 2025

What is CVE-2024-57965?

A potential issue has been identified in Axios prior to version 1.7.8, where the code in lib/helpers/isURLSameOrigin.js fails to properly utilize a URL object for origin verification. This shortcoming could allow for unintended behavior when setting attributes with 'href'. Some experts suggest that this change may only address superficial concerns related to static analysis tools rather than a deeper vulnerability, highlighting the significance of reviewing code changes and dependencies thoroughly.

Affected Version(s)

axios 0 < 1.7.8

References

https://github.com/axios/axios/issues/6351

https://github.com/axios/axios/releases/tag/v1.7.8

https://github.com/axios/axios/commit/0a8d6e19da5b9899a2a...

CVSS V3.1

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2025
Vulnerability Reserved
Jan 29, 2025

AxiOS

What is CVE-2024-57965?

Affected Version(s)

References

CVSS V3.1

Timeline