Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
Vulnerability Description
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the shared `http.Client`'s `Transport`, `Timeout`, and `CheckRedirect` properties. Impacted applications include that that use axios4go with concurrent requests (multiple goroutines, `GetAsync`, `PostAsync`, etc.), those where different requests use different proxy configurations, and those that handle sensitive data (authentication credentials, tokens, API keys). Version 0.6.4 fixes this issue.
CVSS Information
N/A
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
axios4go 竞争条件问题漏洞
Vulnerability Description
axios4go是Rez Moss个人开发者的一个HTTP客户端库。 axios4go 0.6.4之前版本存在竞争条件问题漏洞,该漏洞源于共享HTTP客户端配置存在竞争条件,可能导致并发请求时修改共享属性。
CVSS Information
N/A
Vulnerability Type
N/A