Vulnerabilities

 1 via 1 paths

Dependencies

 96

Source

 GitHub

Commit

 eaa7bac1

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 1
Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: axios
  • Introduced through: axios@1.9.0

Detailed paths

  • Introduced through: crypto-balance-tracker-ui@lucasdistasi/crypto-balance-tracker-ui#eaa7bac195e00daf472c6e5affe6b4cfe4fa9b02 axios@1.9.0
    Remediation: Upgrade to axios@1.12.0.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with an excessive payload, causing allocation of memory for content decoding before verifying content size limits.

Remediation

Upgrade axios to version 1.12.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

MPL-2.0 license

  • Module: lightningcss
  • Introduced through: @tailwindcss/postcss@4.1.18 and @tailwindcss/vite@4.1.18

Detailed paths

  • Introduced through: crypto-balance-tracker-ui@lucasdistasi/crypto-balance-tracker-ui#eaa7bac195e00daf472c6e5affe6b4cfe4fa9b02 @tailwindcss/postcss@4.1.18 @tailwindcss/node@4.1.18 lightningcss@1.30.2
  • Introduced through: crypto-balance-tracker-ui@lucasdistasi/crypto-balance-tracker-ui#eaa7bac195e00daf472c6e5affe6b4cfe4fa9b02 @tailwindcss/vite@4.1.18 @tailwindcss/node@4.1.18 lightningcss@1.30.2

MPL-2.0 license

MPL-2.0 license vulnerability report