Moderate severityNVD Advisory· Published Nov 8, 2023· Updated Sep 4, 2024
CVE-2023-45857
CVE-2023-45857
Description
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
axiosnpm | >= 1.0.0, < 1.6.0 | 1.6.0 |
axiosnpm | >= 0.8.1, < 0.28.0 | 0.28.0 |
Affected products
49- osv-coords48 versionspkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:npm/axios
< 2.11.1-r2+ 47 more
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.13.0-r0
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: < 2.11.1-r2
- (no CPE)range: >= 1.0.0, < 1.6.0
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-wf5p-g6vw-rhxxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-45857ghsaADVISORY
- github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967ghsaWEB
- github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0ghsaWEB
- github.com/axios/axios/issues/6006ghsaWEB
- github.com/axios/axios/issues/6022ghsaWEB
- github.com/axios/axios/pull/6028ghsaWEB
- github.com/axios/axios/pull/6091ghsaWEB
- github.com/axios/axios/releases/tag/v0.28.0ghsaWEB
- github.com/axios/axios/releases/tag/v1.6.0ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006ghsaWEB
- security.snyk.io/vuln/SNYK-JS-AXIOS-6032459ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006/mitre
News mentions
0No linked articles in our index yet.