Potential URL Handling Flaw in Axios by Axios
CVE-2024-57965

Key Information:

Vendor: Axios
Status: Vendor
CVE Published: 29 January 2025

What is CVE-2024-57965?

A potential issue has been identified in Axios prior to version 1.7.8: the code in lib/helpers/isURLSameOrigin.js does not use a URL object for origin verification. This could allow unintended behavior when setting attributes with 'href'. Some experts suggest that the change may only address superficial concerns raised by static analysis tools rather than a deeper vulnerability, which underlines the importance of reviewing code changes and dependencies thoroughly.
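An origin check built on a URL object, as the description above calls for, can be sketched as follows. This is an added example, not code from Axios; the function name `isSameOrigin` and all sample URLs are constructed for illustration.

```javascript
// Added illustration, not Axios source. isSameOrigin is a hypothetical name.
// Both sides are parsed with the standard URL class, so the decision never
// depends on a DOM element or on assigning an 'href' attribute.
function isSameOrigin(requestUrl, pageOrigin) {
  let base, target;
  try {
    base = new URL(pageOrigin);
    // Relative and protocol-relative request URLs resolve against the page.
    target = new URL(requestUrl, base);
  } catch {
    return false; // unparseable input is never treated as same-origin
  }
  // Schemes such as data: and file: have an opaque origin, serialized as
  // "null". Two opaque origins must not compare equal.
  if (base.origin === 'null' || target.origin === 'null') return false;
  // URL.origin is scheme + host + port, lower-cased, default port dropped.
  return base.origin === target.origin;
}

// Constructed sample inputs, checked against one constructed page origin.
const PAGE = 'https://app.example.test';
const SAMPLES = [
  '/api/users',                               // relative path
  'https://app.example.test:443/x',           // explicit default port
  'HTTPS://APP.EXAMPLE.TEST/x',               // case differences only
  'https://app.example.test:8443/x',          // different port
  'http://app.example.test/x',                // different scheme
  '//other.example/x',                        // protocol-relative, other host
  'https://app.example.test@other.example/',  // userinfo, host is other.example
  'https://app.example.test.other.example/',  // look-alike suffix host
  'data:text/plain,hi',                       // opaque origin
];

function checkSamples() {
  return SAMPLES.map((u) => [u, isSameOrigin(u, PAGE)]);
}

for (const [url, same] of checkSamples()) {
  console.log(same ? 'same-origin ' : 'cross-origin', url);
}
```

Only the first three samples are reported as same-origin; everything else, including input that fails to parse, is treated as cross-origin.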

Affected Version(s)

axios 0 < 1.7.8

CVSS V3.1

Score:
Severity: NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
