HIGH 7.5

GHSA-42xw-2xvc-qx8m

Denial of Service in axios

Details

Versions of `axios` prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the `maxContentLength` property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.

## Recommendation

Upgrade to 0.18.1 or later.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / axios

Introduced in: 0 Fixed in: 0.18.1

Fix npm install axios@0.18.1

References

https://nvd.nist.gov/vuln/detail/CVE-2019-10742 [ADVISORY]
https://github.com/axios/axios/issues/1098 [WEB]
https://github.com/axios/axios/pull/1485 [WEB]
https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572 [WEB]
https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505 [WEB]
https://snyk.io/vuln/SNYK-JS-AXIOS-174505 [WEB]
https://www.npmjs.com/advisories/880 [WEB]