Npm · Axios · CVE-2026-42035
**Name of the Vulnerable Software and Affected Versions**
Axios versions prior to 1.15.1
Axios versions prior to 0.31.1
**Description**
A prototype pollution gadget exists in the HTTP adapter located in `lib/adapters/http.js`. The issue stems from duck-type checking of the data payload. If `Object.prototype` is polluted with `getHeaders`, `append`, `pipe`, `on`, `once`, and `Symbol.toStringTag`, the software misidentifies plain object payloads as FormData instances. This allows an attacker to trigger the `getHeaders()` function and inject arbitrary HTTP headers into outgoing requests. The trigger can be any prototype pollution primitive within the application's dependency tree, not necessarily originating from the software itself.
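The duck-typing weakness described above, shown as an added example that is not Axios source code: a shape-only check accepts inherited properties, while a check that looks at where each property is defined rejects them, and a small detector reports which of the advisory's keys sit on the root prototype. All function names are hypothetical, the duck-typed check is a simplified stand-in for the adapter's logic, and `simulatedRoot` is a constructed stand-in for a polluted `Object.prototype`.

```javascript
// Added example, not Axios source. All names here are hypothetical.

// Property names the advisory lists as forming the gadget.
const GADGET_KEYS = ['getHeaders', 'append', 'pipe', 'on', 'once', Symbol.toStringTag];

// Detection: which gadget keys sit directly on the root prototype?
// A clean runtime returns [] for Object.prototype.
function findGadgetKeys(root = Object.prototype) {
  return GADGET_KEYS.filter((k) => Object.prototype.hasOwnProperty.call(root, k));
}

// Duck-typed check (simplified stand-in): inherited properties satisfy it.
function duckTypedIsFormData(value) {
  return value !== null && typeof value === 'object' &&
    GADGET_KEYS.every((k) => value[k] !== undefined);
}

// Find the object in the prototype chain that actually defines `key`.
function ownerOf(value, key) {
  for (let o = value; o !== null; o = Object.getPrototypeOf(o)) {
    if (Object.prototype.hasOwnProperty.call(o, key)) return o;
  }
  return null;
}

// Hardened check: same shape test, but a key that resolves to the root
// prototype is treated as pollution, never as evidence of a FormData.
function strictIsFormData(value, root = Object.prototype) {
  return duckTypedIsFormData(value) &&
    GADGET_KEYS.every((k) => ownerOf(value, k) !== root);
}

// Constructed sample: `simulatedRoot` stands in for a polluted
// Object.prototype so the real one is never modified.
const simulatedRoot = Object.create(null);
for (const k of GADGET_KEYS) {
  simulatedRoot[k] = k === Symbol.toStringTag ? 'FormData' : () => ({});
}
const plainPayload = Object.assign(Object.create(simulatedRoot), { user: 'alice' });

// A genuine form-like class defines the same names on its own prototype.
class FormLike {
  getHeaders() { return {}; } append() {} pipe() {} on() {} once() {}
  get [Symbol.toStringTag]() { return 'FormData'; }
}

console.log(duckTypedIsFormData(plainPayload));             // true
console.log(strictIsFormData(plainPayload, simulatedRoot)); // false
console.log(strictIsFormData(new FormLike()));              // true
console.log(findGadgetKeys(simulatedRoot).length);          // 6
```

Calling `findGadgetKeys()` with no argument inspects the real `Object.prototype`, which makes it usable as a startup or health-check assertion in an application that cannot upgrade immediately.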
**Recommendations**
Update to version 1.15.1 or later.
Update to version 0.31.1 or later.