What happened?
Description
The current version of axios (1.15.1) contains multiple critical and high-severity security vulnerabilities that should be addressed. Please upgrade to version 1.16.0 or higher.
The current version contains 10 known vulnerabilities (1 critical, 4 high, 5 medium severity) affecting:
- Proxy credential handling
- Request manipulation and SSRF attacks
- Prototype pollution attacks
- Resource exhaustion
For full vulnerability details, see: https://security.snyk.io/package/npm/axios/1.15.1
Steps to reproduce
- Navigate to the following URL: https://example.com/admin/login
- Open the browser's built-in developer tools
- Enter the following string into the JavaScript console: axios.VERSION
- Note that the application includes axios version 1.15.1, which has known security issues associated with it
Craft CMS version
5.10.5
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions