Vulnerability report for kontent-ai/delivery-sdk-js

Vulnerabilities	1 via 1 paths
Dependencies	24
Source	GitHub
Commit	1d53103c

Vulnerabilities

1 via 1 paths

Dependencies

Source

GitHub

Commit

1d53103c

medium severity

new

Allocation of Resources Without Limits or Throttling

Vulnerable module: axios
Introduced through: @kontent-ai/core-sdk@10.12.0

Detailed paths

Introduced through: @kontent-ai/delivery-sdk@kontent-ai/delivery-sdk-js#1d53103c4b755a6fda163d916198966a24c5e6b3 › @kontent-ai/core-sdk@10.12.0 › axios@1.11.0

Remediation: Upgrade to @kontent-ai/core-sdk@11.0.0.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with an excessive payload, causing allocation of memory for content decoding before verifying content size limits.

Remediation

Upgrade axios to version 1.12.0 or higher.

References

GitHub Commit

Allocation of Resources Without Limits or Throttling vulnerability report