... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

linux.debian.bugs.dist

Ohh some weird Debian bug report thing

28,835 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 27,584 of 28,835

Salvatore Bonaccorso to All

Bug#1127907: node-axios: CVE-2026-25639

14 Feb 26 13:10:03

   From: carnil@debian.org   
      
   Source: node-axios   
   Version: 1.13.2+dfsg-1   
   Severity: important   
   Tags: security upstream   
   X-Debbugs-Cc: carnil@debian.org, Debian Security Team    
      
   Hi,   
      
   The following vulnerability was published for node-axios.   
      
   CVE-2026-25639[0]:   
   | Axios is a promise based HTTP client for the browser and Node.js.   
   | Prior to 1.13.5, the mergeConfig function in axios crashes with a   
   | TypeError when processing configuration objects containing __proto__   
   | as an own property. An attacker can trigger this by providing a   
   | malicious configuration object created via JSON.parse(), causing   
   | complete denial of service. This vulnerability is fixed in 1.13.5.   
      
      
   If you fix the vulnerability please also make sure to include the   
   CVE (Common Vulnerabilities & Exposures) id in your changelog entry.   
      
   For further information see:   
      
   [0] https://security-tracker.debian.org/tracker/CVE-2026-25639   
       https://www.cve.org/CVERecord?id=CVE-2026-25639   
   [1] https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433   
   [2] https://github.com/axios/axios/commit/28c721588c7a77e7503d0a   
   34e016f852c597b57   
      
   Please adjust the affected versions in the BTS as needed.   
      
   Regards,   
   Salvatore   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]