Tag
The Axios library is vulnerable to a header injection chain that allows prototype pollution in a third-party dependency to be escalated into remote code execution or full cloud compromise via AWS IMDSv2 bypass by polluting Object.prototype with CRLF characters to smuggle requests to the AWS Metadata Service.