axios is a promise-based HTTP client for the browser and Node.js.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with an excessive payload, causing allocation of memory for content decoding before verifying content size limits.
Remediation
A fix was pushed into the master branch but not yet published.