CNNVD-202602-1285 Information
CNNVD ID
CNNVD-202602-1285
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
Axios是Axios开源的一款基于Promise(异步编程的一种解决方案)的HTTP客户端。 Axios 1.13.5之前版本存在代码问题漏洞,该漏洞源于mergeConfig函数处理包含__proto__属性的配置对象时崩溃,可能导致拒绝服务。
Description (English)
Axios is an open-source HTTP client based on Promise (a solution for a different pace of programming). The preAxios 1.13.5 version has a code problem loophole, which stems from the collapse of the MergeConfig function when dealing with a configuration object containing proto- property, which may lead to the denial of service.
Vulnerability Type
代码问题
Affected Vendor
Axios
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/axios/axios/releases/tag/v1.13.5 https://github.com/axios/axios/pull/7388 https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e https://github.com/axios/axios/pull/7369 https://github.com/axios/axios/releases/tag/v0.30.3 https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433 https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
Patch
https://github.com/axios/axios/releases
Share on: