See on npm

axios 0.18.0

3 security vulnerabilities found in version 0.18.0

axios Inefficient Regular Expression Complexity vulnerability

high severity CVE-2021-3749
high severity CVE-2021-3749
Affected versions: < 0.21.2

axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.

Denial of Service in axios

high severity CVE-2019-10742
high severity CVE-2019-10742
Affected versions: <= 0.18.0

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.

Recommendation

Upgrade to 0.18.1 or later.

Axios vulnerable to Server-Side Request Forgery

medium severity CVE-2020-28168
medium severity CVE-2020-28168
Affected versions: < 0.21.1

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Author did not declare license for this package in the source code.

This package version has a MIT license in the source code, however it was not declared in the source code.

This package version is available.

This package version has not been yanked and is still available for usage.