CVE-2023-45857

Name of the Vulnerable Software and Affected Versions Axios versions 0.8.1 through 1.5.1

Description The issue is related to a JavaScript library and involves a cross-site request forgery vulnerability. This vulnerability can allow a remote attacker to gain unauthorized access to the XSRF-TOKEN. The confidential XSRF-TOKEN stored in cookies is inadvertently included in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.

Recommendations For Axios versions 0.8.1 through 1.5.1, consider disabling the inclusion of the XSRF-TOKEN in the HTTP header X-XSRF-TOKEN for every request as a temporary workaround until a patch is available. Restrict access to sensitive information stored in cookies to minimize the risk of exploitation. Avoid using the XSRF-TOKEN variable in the affected HTTP header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.