Source: node-axios
Version: 1.5.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/6006
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-axios.

CVE-2023-45857[0]:
| An issue discovered in Axios 1.5.1 inadvertently reveals the
| confidential XSRF-TOKEN stored in cookies by including it in the
| HTTP header X-XSRF-TOKEN for every request made to any host allowing
| attackers to view sensitive information.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-45857
    https://www.cve.org/CVERecord?id=CVE-2023-45857
[1] https://github.com/axios/axios/issues/6006
[2] https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
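
The behaviour in the CVE text above, next to a same-origin gate, as an added example that is not part of the bug report and is not axios code. All function names are hypothetical, and the page URL, cookie string and target list are constructed sample data.

```javascript
// Added illustration; not axios source. All function names are hypothetical.

// Pull one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// True only when requestUrl resolves to the same scheme, host and port as the page.
function isSameOrigin(requestUrl, pageUrl) {
  try {
    return new URL(requestUrl, pageUrl).origin === new URL(pageUrl).origin;
  } catch {
    return false; // unparsable URL: treat as cross-origin
  }
}

// Behaviour described in the CVE text: the token is copied into the header for any host.
function xsrfHeadersUngated(requestUrl, pageUrl, cookieString) {
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// Gated variant: the token only leaves the cookie jar for same-origin requests.
function xsrfHeadersGated(requestUrl, pageUrl, cookieString) {
  if (!isSameOrigin(requestUrl, pageUrl)) return {};
  return xsrfHeadersUngated(requestUrl, pageUrl, cookieString);
}

// Constructed sample data.
const PAGE = 'https://app.example.test/dashboard';
const COOKIES = 'session=abc; XSRF-TOKEN=constructed-token-123';
const TARGETS = ['/api/profile', 'https://app.example.test:443/api',
  'https://cdn.third-party.test/lib.js', 'http://app.example.test/api'];

// For each target, report whether each variant would attach the header.
function audit() {
  return TARGETS.map((url) => ({
    url,
    ungated: 'X-XSRF-TOKEN' in xsrfHeadersUngated(url, PAGE, COOKIES),
    gated: 'X-XSRF-TOKEN' in xsrfHeadersGated(url, PAGE, COOKIES),
  }));
}
console.table(audit());
```

The scheme downgrade to `http://` counts as a different origin, so the gated variant withholds the token there as well as for the third-party host.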