Product

Axios

1 brief RSS

Axios Prototype Pollution Vulnerability Leads to Request Hijacking and Data Exfiltration

Axios versions 0.19.0 through 1.13.6 are vulnerable to prototype pollution, allowing attackers to intercept and modify JSON responses, hijack HTTP requests, and exfiltrate sensitive data by polluting the Object.prototype with keys like `parseReviver` and `transport`.

axios +1 prototype-pollution request-hijacking data-exfiltration javascript

2r 1t Jan 3, 2024