Asadeddin

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 **Description** For stream request bodies, the `maxBodyLength` limit is bypassed when `maxRedirects` is set to 0 using the native http/https transport path. This allows oversized streamed uploads to be sent in full, even when strict body limits are configured by the caller. **Recommendations** Update to version 0.31.1. Update to version 1.15.1.

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 1.15.1 Axios versions prior to 0.31.1 **Description** When the `responseType` variable is set to 'stream', the software returns the response stream without enforcing `maxContentLength`. This allows unbounded downstream consumption by bypassing configured response-size limits. **Recommendations** Update to version 1.15.1 or newer. Update to version 0.31.1 or newer.