Valentin-Panov

**Name of the Vulnerable Software and Affected Versions** Axios versions 0.8.1 through 1.5.1 **Description** The issue is related to a JavaScript library and involves a cross-site request forgery vulnerability. This vulnerability can allow a remote attacker to gain unauthorized access to the XSRF-TOKEN. The confidential XSRF-TOKEN stored in cookies is inadvertently included in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information. **Recommendations** For Axios versions 0.8.1 through 1.5.1, consider disabling the inclusion of the XSRF-TOKEN in the HTTP header X-XSRF-TOKEN for every request as a temporary workaround until a patch is available. Restrict access to sensitive information stored in cookies to minimize the risk of exploitation. Avoid using the `XSRF-TOKEN` variable in the affected HTTP header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.