Vulnerabilities

 1 via 1 paths

Dependencies

 91

Source

 GitHub

Commit

 c40c2ad1

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: axios
  • Introduced through: @serenity-js/protractor@3.35.1

Detailed paths

  • Introduced through: protractor-cucumber-framework@protractor-cucumber-framework/protractor-cucumber-framework#c40c2ad14f4c9b7c6c442a5a690601bfc5793418 @serenity-js/protractor@3.35.1 @serenity-js/rest@3.35.1 axios@1.11.0

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with an excessive payload, causing allocation of memory for content decoding before verifying content size limits.

Remediation

Upgrade axios to version 1.12.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report