CVE-2019-10742

High

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after…

snyk·CWE-755·Published 2019-05-07

CVSS

7.5

EPSS

0.06

KEV

Exploits

cve.orgen

169 chars

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

NVDen

169 chars

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Versions of `axios` prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the `maxContentLength` property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service. ## Recommendation Upgrade to 0.18.1 or later.

GHSAen

295 chars

NVDes

205 chars

Axios versión 0.18.0 y anteriores, permite a los atacantes causar una denegación de servicio (cierre inesperado de la aplicación) al continuar aceptando contenido después de que se exceda maxContentLength.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H