漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Vulnerability Description
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
Axios 代码问题漏洞
Vulnerability Description
Axios是Axios开源的一款基于Promise(异步编程的一种解决方案)的HTTP客户端。 Axios 1.15.0之前版本存在代码问题漏洞,该漏洞源于存在特定的Gadget攻击链,可能将任何第三方依赖中的原型污染升级为远程代码执行或完全云破解。
CVSS Information
N/A
Vulnerability Type
N/A