Tag

Axios

4 briefs RSS

Axios Prototype Pollution Leads to Man-in-the-Middle Vulnerability

Axios is vulnerable to a Prototype Pollution attack that can be escalated into a full Man-in-the-Middle (MITM) attack by injecting a malicious proxy configuration via `Object.prototype.proxy`, allowing attackers to intercept, read, and modify all HTTP traffic, including authentication credentials.

axios prototype-pollution mitm javascript

3r 7t 3w ago

critical advisory

Axios NO_PROXY Hostname Normalization Bypass Leads to SSRF

2 rules 1 TTP 1 CVE

Axios is vulnerable to a NO_PROXY hostname normalization bypass leading to SSRF, where requests to loopback addresses like `localhost.` or `[::1]` bypass `NO_PROXY` rules, allowing attackers to force requests through a proxy and potentially exfiltrate sensitive data.

ssrf no_proxy axios hostname_normalization

2r 1t 1c Apr 9, 2026

critical advisory

Axios Prototype Pollution Vulnerability Leads to Request Hijacking and Data Exfiltration

2 rules 1 TTP

Axios versions 0.19.0 through 1.13.6 are vulnerable to prototype pollution, allowing attackers to intercept and modify JSON responses, hijack HTTP requests, and exfiltrate sensitive data by polluting the Object.prototype with keys like `parseReviver` and `transport`.

axios +1 prototype-pollution request-hijacking data-exfiltration javascript

2r 1t Jan 3, 2024

high advisory

Axios HTTP Adapter Prototype Pollution Vulnerability

2 rules 4 TTPs 1 CVE

A prototype pollution vulnerability in the Axios HTTP adapter allows an attacker to inject arbitrary HTTP headers into outgoing requests by polluting the Object prototype with specific properties, leading to potential authentication bypass and privilege escalation.

axios +1 prototype-pollution header-injection cve-2026-42035 authentication-bypass privilege-escalation

2r 4t 1c Jan 2, 2024