CNNVD-202509-1824 Information

CNNVD ID

CNNVD-202509-1824

CVE-2025-58754

  • CNNVD Published: 2025-09-12

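Description (translated from Chinese)

Axios is a Promise-based HTTP client open-sourced by Axios (Promise being one approach to asynchronous programming). Versions of Axios before 1.11.0 contain a security vulnerability that stems from not limiting memory allocation when handling data: scheme URLs, which may lead to a denial-of-service attack.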

Description (English)

Axios is an open-source HTTP client based on Promise (an approach to asynchronous programming). Versions of Axios before 1.11.0 contain a security vulnerability caused by unrestricted memory allocation when processing data: scheme URLs, which could lead to denial-of-service attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Axios Systems

Published

2025-09-12

Last Modified

2026-02-24

References

  • https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
  • https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
  • https://github.com/axios/axios/releases/tag/v0.30.2
  • https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
  • https://github.com/axios/axios/releases/tag/v1.12.0
  • https://github.com/axios/axios/pull/7011
  • https://github.com/axios/axios/pull/7034
  • https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj

Patch

https://github.com/axios/axios/releases/tag/v1.12.2
