PT-2026-35049 · Npm · Axios
Published
2026-04-24
·
Updated
2026-04-24
·
CVE-2026-42039
CVSS v4.0
6.9
Medium
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Axios versions prior to 1.15.1
Axios versions prior to 0.31.1
Description
The
toFormData function recursively processes nested objects without a depth limit. Consequently, providing a deeply nested value as request data can cause the Node.js process to crash due to a RangeError.Recommendations
Update to version 1.15.1 or later.
Update to version 0.31.1 or later.
Exploit
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Axios