CVE-2022-1214 (High) detected in axios-0.13.1.js - autoclosed

Question

CVE-2022-1214 (High) detected in axios-0.13.1.js - autoclosed

Closed this issue 3 years ago · 1 comments

mend-bolt-for-github commented 3 years ago

CVE-2022-1214 - High Severity Vulnerability

Vulnerable Library - axios-0.13.1.js

Promise based HTTP client for the browser and node.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/axios/0.13.1/axios.js

Path to dependency file: /test/manual/cors.html

Path to vulnerable library: /test/manual/../../dist/axios.js

Dependency Hierarchy:

❌ axios-0.13.1.js (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.

Publish Date: 2022-05-03

URL: CVE-2022-1214

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/ef7b4ab6-a3f6-4268-a21a-e7104d344607/

Release Date: 2022-05-03

Fix Resolution: axios - v0.26.0

Step up your Open Source Security Game with WhiteSource here

Answer 1 · 2022-05-07T01:16:44.000Z

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.