CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz #159

mend-bolt-for-github · 2019-05-09T08:14:19Z

CVE-2019-10742 - Medium Severity Vulnerability

Vulnerable Library - axios-0.17.1.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz

Path to dependency file: /webpack-mpa-next/package.json

Path to vulnerable library: /tmp/git/webpack-mpa-next/node_modules/axios/package.json

Dependency Hierarchy:

browser-sync-2.26.5.tgz (Root Library)
- localtunnel-1.9.1.tgz
  - ❌ axios-0.17.1.tgz (Vulnerable Library)

Found in HEAD commit: 5d076f33ddfdf0ced303c5426cda61072088020f

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label May 9, 2019

scriptex closed this as completed May 10, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz #159

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz #159

mend-bolt-for-github bot commented May 9, 2019

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz #159

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz #159

Comments

mend-bolt-for-github bot commented May 9, 2019

CVE-2019-10742 - Medium Severity Vulnerability