Potential URL Handling Flaw in Axios by Axios
CVE-2024-57965
NONE
What is CVE-2024-57965?
A potential issue has been identified in Axios prior to version 1.7.8: the code in lib/helpers/isURLSameOrigin.js does not properly use a URL object for origin verification. This shortcoming could allow unintended behavior when setting attributes with 'href'. Some experts suggest that the code change may only address superficial concerns raised by static analysis tools rather than a deeper vulnerability, which highlights the importance of reviewing code changes and dependencies thoroughly.
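The following is an added example, not Axios's code: a same-origin check built on the URL object, the kind of parsing the description says the helper did not properly use. The names isSameOrigin, checkAll and PAGE_URL and all sample inputs are assumptions constructed for illustration.

```javascript
'use strict';

// Assumed page location for the example (constructed value).
const PAGE_URL = 'https://app.example.com/dashboard';

// True only when `candidate`, resolved against `base`, has the same scheme,
// host and port as `base`. All parsing is delegated to the WHATWG URL object.
function isSameOrigin(candidate, base = PAGE_URL) {
  if (typeof candidate !== 'string') return false;
  let origin, target;
  try {
    origin = new URL(base);
    target = new URL(candidate, origin); // resolves relative input too
  } catch {
    return false; // unparseable input is never treated as same-origin
  }
  // `host` carries a non-default port; the parser drops default ports and
  // lowercases scheme and hostname, so plain string comparison is safe here.
  return target.protocol === origin.protocol && target.host === origin.host;
}

// Constructed inputs covering the cases where hand-rolled checks usually slip.
const SAMPLES = [
  '/api/users',                          // relative path
  'https://app.example.com:443/x',       // explicit default port
  'HTTPS://APP.EXAMPLE.COM/x',           // case differences
  '//evil.test/x',                       // protocol-relative, other host
  'https://app.example.com@evil.test/',  // userinfo in front of the real host
  '\\\\evil.test/x',                     // backslashes parsed as slashes
  'http://app.example.com/',             // scheme downgrade
  'https://app.example.com:8443/',       // different port
  'http://[bad',                         // does not parse
];

// Returns one { url, sameOrigin } record per input.
function checkAll(samples = SAMPLES, base = PAGE_URL) {
  return samples.map((url) => ({ url, sameOrigin: isSameOrigin(url, base) }));
}

for (const r of checkAll()) {
  console.log(`${r.sameOrigin ? 'same ' : 'cross'}  ${r.url}`);
}
```

Comparing `protocol` and `host` rather than the `origin` strings avoids treating two opaque origins, which both serialize as "null", as equal.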
Affected Version(s)
axios: from 0 up to (not including) 1.7.8