Openjs Foundation · Axios · CVE-2025-58754
**Name of the Vulnerable Software and Affected Versions**
Axios 1.0.0 through 1.11.0 (all 1.x releases before 1.12.0)
**Description**
Axios, a promise-based HTTP client for browsers and Node.js, is susceptible to a denial-of-service (DoS) attack when it runs on Node.js and is handed a URL with the `data:` scheme. The Node.js http adapter decodes the entire `data:` payload into a `Buffer` in one step, without any size check and without consulting the `maxContentLength` and `maxBodyLength` options that bound ordinary HTTP responses and request bodies. Any application that passes an attacker-influenced URL to Axios (for example a user-supplied "fetch this URL" parameter, a redirect target, or a URL extracted from untrusted content) can therefore be made to allocate memory proportional to the decoded payload, exhausting the heap and crashing the process. Setting `responseType: 'stream'` does not help, because the payload is fully materialised in memory before a stream is ever returned. Approximately 2.2 million instances are estimated to be exposed.
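The following added example is not Axios' own code; it models the two behaviours described above in miniature. `decodeDataUrlUnbounded` reproduces the vulnerable pattern (decode everything, then check nothing), and `decodeDataUrlBounded` shows the mitigation a practitioner would want: estimate the decoded size from the URL text alone, compare it with a `maxContentLength`-style limit, and reject before a single payload byte is decoded. All function names, the `{ ok, estimated, reason }` verdict shape and the sample inputs are constructed for this illustration; the example assumes Node.js with no external dependencies.

```javascript
// Added example (not Axios' code): size-gate a data: URL before decoding it.
// Assumes Node.js; all names below are hypothetical and chosen for this demo.

// RFC 2397 shape: data:[<mediatype>][;base64],<payload>
const DATA_URL_RE = /^data:([^,]*?)(;base64)?,(.*)$/is;

// Estimate the decoded byte count of a data: URL without decoding it.
// Base64: 4 input chars -> 3 bytes, minus trailing '=' padding.
// Percent-encoded text: each %XX triple collapses to one byte; everything
// else is taken at its UTF-8 length.
function estimateDataUrlDecodedBytes(url) {
  const m = DATA_URL_RE.exec(url);
  if (!m) throw new TypeError('not a data: URL');
  const isBase64 = m[2] !== undefined;
  const payload = m[3];
  if (isBase64) {
    const compact = payload.replace(/\s+/g, '');
    const padding = compact.endsWith('==') ? 2 : compact.endsWith('=') ? 1 : 0;
    return Math.floor((compact.length * 3) / 4) - padding;
  }
  const escapes = (payload.match(/%[0-9a-fA-F]{2}/g) || []).length;
  return Buffer.byteLength(payload, 'utf8') - escapes * 2;
}

// The vulnerable pattern, kept for contrast: decode the whole payload into a
// Buffer regardless of any configured limit. Memory use is unbounded here.
function decodeDataUrlUnbounded(url) {
  const m = DATA_URL_RE.exec(url);
  if (!m) throw new TypeError('not a data: URL');
  return m[2]
    ? Buffer.from(m[3], 'base64')
    : Buffer.from(decodeURIComponent(m[3]), 'utf8');
}

// Cheap pre-flight check. maxContentLength follows Axios' convention that a
// negative value means "no limit". Non-data: URLs pass through untouched so
// the guard can sit in front of any URL fetch.
function guardDataUrl(url, { maxContentLength = -1 } = {}) {
  if (!/^data:/i.test(url)) return { ok: true, reason: 'not a data: URL' };
  if (maxContentLength < 0) return { ok: true, reason: 'no limit configured' };
  const estimated = estimateDataUrlDecodedBytes(url);
  if (estimated > maxContentLength) {
    return {
      ok: false,
      estimated,
      reason: `data: payload (~${estimated} B) exceeds maxContentLength (${maxContentLength} B)`,
    };
  }
  return { ok: true, estimated };
}

// Hardened decode: identical output for accepted input, but oversized
// payloads are rejected before any Buffer is allocated for them.
function decodeDataUrlBounded(url, maxContentLength) {
  const verdict = guardDataUrl(url, { maxContentLength });
  if (!verdict.ok) throw new RangeError(verdict.reason);
  return decodeDataUrlUnbounded(url);
}

// Constructed attacker input: a base64 data: URL that decodes to `decodedBytes`.
// Building the string is cheap; materialising the decoded Buffer is the cost
// the guard avoids. (All-'A' base64 decodes to zero bytes, which is fine for
// a size demonstration.)
function buildLargeDataUrl(decodedBytes) {
  const b64Len = Math.ceil(decodedBytes / 3) * 4;
  return 'data:application/octet-stream;base64,' + 'A'.repeat(b64Len);
}

if (typeof require !== 'undefined' && require.main === module) {
  const small = 'data:text/plain;base64,SGVsbG8=';
  console.log(decodeDataUrlBounded(small, 1024).toString('utf8'));
  const big = buildLargeDataUrl(6 * 1024 * 1024); // ~6 MiB decoded
  try {
    decodeDataUrlBounded(big, 1024 * 1024); // 1 MiB limit
  } catch (e) {
    console.log('rejected:', e.message);
  }
}
```

The important property is that `estimateDataUrlDecodedBytes` runs in time linear in the URL string and allocates nothing proportional to the decoded size, so the check itself cannot be turned into the DoS. In a real service the same gate belongs wherever untrusted URLs enter: either refuse the `data:` scheme outright when it is not needed, or enforce the decoded-size limit before handing the URL to the HTTP client.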
**Recommendations**
Update to Axios 1.12.0 or later, which enforces the configured `maxContentLength` on `data:` URLs before decoding them. Where an immediate upgrade is not possible, reject or allowlist URL schemes before passing untrusted URLs to Axios so that `data:` URLs from untrusted sources never reach the Node.js http adapter, and set an explicit `maxContentLength` rather than relying on the default.