CVE-2023-45857 - Medium Severity Vulnerability #31
Comments
|
Please update axios dependency to 1.6.0 |
|
See #30 |
|
I'll do a full set of updates once I get to my computer.
…On Sat, Nov 11, 2023 at 10:36 AM Dmitry Vasilenko ***@***.***> wrote:
See #30
<#30>
—
Reply to this email directly, view it on GitHub
<#31 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AASMG3GFCW2CJRABPFDUDGDYD6LPXAVCNFSM6AAAAAA7HKS2KWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBWHA2DMNBSHA>
.
You are receiving this because you are subscribed to this thread.Message
ID: <TheAppleFreak/winston-slack-webhook-transport/issues/31/1806846428@
github.com>
|
|
Alright, updated everything, ran the tests, and the issue should be fixed! Thanks for letting me know about this! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-45857 - Medium Severity Vulnerability
Library home page: https://registry.npmjs.org/axios/-/axios-1.5.1.tgz
Dependency Hierarchy:
Found in base branch: master
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Publish Date: 2023-11-08
URL: CVE-2023-45857
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: axios/axios#6006
Release Date: 2023-11-08
Fix Resolution: axios - 1.6.0
The text was updated successfully, but these errors were encountered: