- Description: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
- Source: cve@mitre.org
- NVD status: Received
- CNA Tags: disputed
CVSS 3.1
- Type: Secondary
- Base score: 0
- Impact score: 0
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N
- Severity: NONE
- cve@mitre.org: CWE-346
New post from https://t.co/uXvPWJy6tj (CVE-2024-57965 | axios up to 1.7.7 isURLSameOrigin.js origin validation (Issue 6351)) has been published on https://t.co/24qP2Ex7yT
@WolfgangSesin
29 Jan 2025
CVE-2024-57965 In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) c… https://t.co/RzMtZrZjSl
@CVEnew
29 Jan 2025