Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2023-0439

Good to know:

icon
icon

Date: October 25, 2023

Axios is vulnerable to Regular Expression Denial of Service (ReDoS). When a manipulated string is provided as input to the format method, the regular expression exhibits a time complexity of O(n^2). Server becomes unable to provide normal service due to the excessive cost and time wasted in processing vulnerable regular expressions.

Language: JS

Severity Score

Related Resources (2)

https://huntr.com/bounties/69a1aa07-c36e-4d9e-9325-b634e0aa4bb0
https://www.mend.io/vulnerability-database/WS-2023-0439

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

icon

Upgrade Version

Upgrade to version axios - 1.6.3;axios - 0.20.0;axios - 0.29.0;axios - 1.6.3

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):
Integrity (I):
Availability (A):

Do you need more information?

Contact Us