Vulnerability in axios

Erwan Rouchet requested to merge vuln-axios into master

GHSA-wf5p-g6vw-rhxx: The CSRF token may sometimes be sent to the wrong host via the X-CSRFToken header.

git grep, aka the poor man's static analysis, says this could have affected the DataFile S3 upload. S3 only stores X-Amz-Meta-* headers, so the X-CSRFToken header would have been ignored, so it's fine.
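
A same-origin guard for the `X-CSRFToken` header named in the advisory, as an added example that is not part of this merge request or of axios. `shouldSendCsrf` and `withCsrfHeader` are hypothetical helpers working on a plain object shaped like an axios request config (`url`, `baseURL`, `headers`); all hostnames are constructed.

```javascript
// Added illustration: attach the CSRF header only to same-origin requests.
// Helper names are hypothetical; config is a plain object shaped like an
// axios request config ({ url, baseURL, headers }).
const CSRF_HEADER = 'X-CSRFToken'; // header name taken from the advisory text

// Resolve the request target. Only the resulting origin is compared, so
// differences in how paths are joined do not affect the decision.
function resolveTarget(config, pageOrigin) {
  const base = config.baseURL
    ? new URL(config.baseURL, pageOrigin)
    : new URL(pageOrigin);
  return new URL(config.url || '', base);
}

// True only when scheme, host and port all match the page origin.
function shouldSendCsrf(config, pageOrigin) {
  try {
    return resolveTarget(config, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (err) {
    return false; // unparseable URL: fail closed, send no token
  }
}

// Return a copy of the config with the header set for same-origin targets
// and stripped for everything else (for example an object-storage upload).
function withCsrfHeader(config, pageOrigin, token) {
  const headers = { ...(config.headers || {}) };
  if (shouldSendCsrf(config, pageOrigin)) {
    headers[CSRF_HEADER] = token;
  } else {
    delete headers[CSRF_HEADER];
  }
  return { ...config, headers };
}

// Constructed sample values.
const PAGE_ORIGIN = 'https://app.example.com';
const sameOrigin = withCsrfHeader({ url: '/api/v1/files/' }, PAGE_ORIGIN, 'tok');
const upload = withCsrfHeader(
  { url: 'https://bucket.s3.example.com/key', headers: { 'X-CSRFToken': 'old' } },
  PAGE_ORIGIN,
  'tok'
);
console.log(sameOrigin.headers, upload.headers);
```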
