1 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 4

CVE-2023-45857 – axios: exposure of confidential data stored in cookies

https://notcve.org/view.php?id=CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. Un problema descubierto en Axios 1.5.1 revela inadvertidamente el XSRF-TOKEN confidencial almacenado en las cookies al incluirlo en el encabezado HTTP X-XSRF-TOKEN para cada solicitud realizada a cualquier host, lo que permite a los atacantes ver información sensible. A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data. • https://github.com/valentin-panov/CVE-2023-45857 https://github.com/fuyuooumi1027/CVE-2023-45857-Demo https://github.com/intercept6/CVE-2023-45857-Demo https://github.com/axios/axios/issues/6006 https://security.netapp.com/advisory/ntap-20240621-0006 https://access.redhat.com/security/cve/CVE-2023-45857 https://bugzilla.redhat.com/show_bug.cgi?id=2248979 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-352: Cross-Site Request Forgery (CSRF) •