DEBIAN-CVE-2023-45857
PUBLISHED
CVSS 6.5 MEDIUM
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | node-axios | 0, 1.2.1+dfsg, 1.2.1+dfsg-1 |
| Debian:14 | node-axios | 0, 0, 0 |
| Debian:11 | node-axios | 0.26.0+dfsg-1, 0.26.1+dfsg-1, 0.26.1+dfsg-2 |
| Debian:13 | node-axios | 0, 0, 0 |
Exploit Intelligence
- fuyuooumi1027/CVE-2023-45857-Demo (github-poc)
- Demo for verifying the behavior of CVE-2023-45857 (github-poc)
- valentin-panov/CVE-2023-45857 (github-poc)
- handlers.endpoints.ts (github-poc)
- handlers-original.ts (github-poc)
Timeline
- Nov 8, 2023 CVE Published
- Apr 28, 2026 CVE Updated