PT-2025-3674 · Npm+1 · Axios+1

Published 2025-01-29 · Updated 2026-01-16 · CVE-2024-57965

CVSS v3.1 9.8 Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: axios versions prior to 1.7.8
Description: The issue concerns the isURLSameOrigin.js helper in the axios library, which determines an origin without using a URL object and contains a potentially unwanted setAttribute('href', href) call. Some parties believe that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
Recommendations: For versions prior to 1.7.8, update to version 1.7.8 or later to resolve the issue. As a temporary workaround, consider disabling the isURLSameOrigin.js function until a patch is available. Restrict access to the lib/helpers/isURLSameOrigin.js file to minimize the risk of exploitation. Avoid using the href attribute in the affected API endpoints until the issue is resolved.
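As an added illustration (not the axios project's own code), the following shows a same-origin decision built on the WHATWG URL object, the approach the description contrasts with an href-attribute based one; PAGE_ORIGIN and the listed inputs are constructed for the example, and the cases cover inputs where naive string or prefix matching gives the wrong answer.

```javascript
// Added example, not axios code: same-origin check via the URL parser.
// Runs in Node (global URL) and in modern browsers.

// Origin of the running page; constructed for this example. In a browser
// this would come from location.origin.
const PAGE_ORIGIN = 'https://app.example.com';

// True only when `url` (absolute or relative) resolves to the same scheme,
// host and port as `originHref`. Unparseable input fails closed (false).
function isSameOrigin(originHref, url) {
  let origin, target;
  try {
    origin = new URL(originHref);
    // Relative URLs resolve against the page origin; absolute ones keep theirs.
    target = new URL(String(url), origin);
  } catch (err) {
    return false; // an unparseable URL is never treated as same-origin
  }
  // URL#origin is already normalised (default port dropped, lower-cased),
  // so one comparison covers scheme + host + port. Opaque origins are 'null'.
  return origin.origin !== 'null' && origin.origin === target.origin;
}

// Constructed inputs with the expected verdict for PAGE_ORIGIN.
const CASES = [
  ['/api/items', true],                                // relative path
  ['https://app.example.com/api', true],               // explicit same origin
  ['https://app.example.com:443/api', true],           // default port normalised
  ['http://app.example.com/api', false],               // different scheme
  ['https://app.example.com:8443/api', false],         // different port
  ['https://app.example.com.evil.example/api', false], // prefix-match trap
  ['https://app.example.com@evil.example/api', false], // userinfo trap
  ['//evil.example/api', false],                       // protocol-relative
  ['javascript:alert(1)', false],                      // non-http scheme
  ['https://[bad/', false],                            // unparseable input
];

// Evaluate every case; returns {url, expected, actual} records.
function runCases() {
  return CASES.map(([url, expected]) => ({
    url, expected, actual: isSameOrigin(PAGE_ORIGIN, url),
  }));
}

for (const c of runCases()) {
  console.log(`${c.actual === c.expected ? 'ok ' : 'BAD'} ${c.url} -> ${c.actual}`);
}
```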

Fix

Origin Validation Error


Weakness Enumeration

Related Identifiers

CVE-2024-57965

Affected Products

Debian
Axios