Vendor
critical
advisory
Axios Prototype Pollution Leads to Man-in-the-Middle Vulnerability
3 rules 7 TTPsAxios is vulnerable to a Prototype Pollution attack that can be escalated into a full Man-in-the-Middle (MITM) attack by injecting a malicious proxy configuration via `Object.prototype.proxy`, allowing attackers to intercept, read, and modify all HTTP traffic, including authentication credentials.
axios
prototype-pollution
mitm
javascript
3r
7t
critical
advisory
Axios Library Vulnerable to Cloud Metadata Exfiltration via Header Injection
2 rules 4 TTPs 2 IOCsThe Axios library is vulnerable to a header injection chain that allows prototype pollution in a third-party dependency to be escalated into remote code execution or full cloud compromise via AWS IMDSv2 bypass by polluting Object.prototype with CRLF characters to smuggle requests to the AWS Metadata Service.
Axios
crlf-injection
prototype-pollution
aws-metadata
ssrf
2r
4t
2i