CVE-2019-10742 — Denial of Service in axios

Description

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

How to fix CVE-2019-10742

To remediate CVE-2019-10742, upgrade the affected package to a fixed version below.

Debian/node-axios—upgrade to 0.17.1+dfsg-2 or later
npm/axios—upgrade to 0.18.1 or later

Is CVE-2019-10742 being exploited?

Moderate — EPSS is 13.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 0.17.1+dfsg-2
from 0, < 0.18.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-10742
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-10742
WEBapp.snyk.io/vuln/SNYK-JS-AXIOS-174505
WEBgithub.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
WEB