You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2023-45857 axios: exposure of confidential data stored in cookies
https://bugzilla.redhat.com/show_bug.cgi?id=2248979
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
https://github.com/axios/axios/issues/6006
https://github.com/jeffbski/wait-on/pull/147
@redhat-cloud-services/rbac-client is on axios@^0.27.2
Hi,
We got a new CVE ticket about axios for our project (OCM):
https://issues.redhat.com/browse/OCMUI-1491
@redhat-cloud-services/rbac-client
is onaxios@^0.27.2
javascript-clients/packages/rbac/package.json
Line 27 in f9cafa3
It's not clear if the reported issue was introduced with
1.5.1
. Anyway, older versions of axios got their share of CVEs reported over time.Do you think it could be possible to update it to latest?
Thanks!
The text was updated successfully, but these errors were encountered: