Vulnerability in axios (!1590) · Merge requests · Arkindex / Frontend

Erwan Rouchet requested to merge vuln-axios into master Nov 14, 2023

GHSA-wf5p-g6vw-rhxx: The CSRF token may sometimes be sent to the wrong host via the X-CSRFToken header.

git grep, aka the poor man's static analysis, says this could have affected the DataFile S3 upload. S3 only stores X-Amz-Meta-* headers, so the X-CSRFToken header would have been ignored, so it's fine.

Vulnerability in axios

Merge request reports