CVE-2023-45857

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Nov 8, 2023
Updated: Jun 21, 2024
CWE ID 352

Summary

CVE-2023-45857 is a vulnerability affecting version 1.5.1 of Axios, a popular JavaScript library for making HTTP requests. The issue exposes the XSRF-TOKEN, a confidential cookie used for Cross-Site Request Forgery (CSRF) protection, by inadvertently copying its value into the X-XSRF-TOKEN HTTP header on all requests. Attackers can exploit this vulnerability to gain access to sensitive information by making requests to hosts where they have CSRF tokens. This could lead to unauthorized data access or modification, so users should update to the latest version of Axios to mitigate this risk.
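
The header-attachment behaviour described above, modelled as an added example (not Axios source code and not part of the original entry): one function copies the cookie into X-XSRF-TOKEN for all requests, the other only for same-origin requests, and a small check reports which request URLs would carry the token to another origin. The origins, cookie value, URL list and all function names are constructed for illustration.

```javascript
// Added illustration: models the header-attachment decision; this is not Axios source.
// PAGE_ORIGIN, COOKIES, SAMPLE_URLS and all function names are constructed.
const PAGE_ORIGIN = "https://app.example.test"; // origin that set the cookie
const COOKIES = "theme=dark; XSRF-TOKEN=constructed-token-123";

// Read one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Behaviour the summary describes: the token is copied into the header for all requests.
function buildHeadersAllRequests(requestUrl, cookieString) {
  const token = readCookie(cookieString, "XSRF-TOKEN");
  return token ? { "X-XSRF-TOKEN": token } : {};
}

// Hardened form: attach the token only when the target is the page's own origin.
function buildHeadersSameOriginOnly(requestUrl, cookieString, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin); // also resolves relative URLs
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readCookie(cookieString, "XSRF-TOKEN");
  return token ? { "X-XSRF-TOKEN": token } : {};
}

// Return the request URLs for which the token would be sent to another origin.
function findLeaks(buildHeaders, urls) {
  return urls.filter((url) => {
    const crossOrigin = new URL(url, PAGE_ORIGIN).origin !== PAGE_ORIGIN;
    return crossOrigin && "X-XSRF-TOKEN" in buildHeaders(url, COOKIES, PAGE_ORIGIN);
  });
}

const SAMPLE_URLS = [
  "/api/profile",
  "https://app.example.test/api/orders",
  "https://cdn.thirdparty.example/metrics",
  "http://app.example.test/api/orders", // same host, other scheme: a different origin
];

console.log("all-requests leaks:", findLeaks(buildHeadersAllRequests, SAMPLE_URLS));
console.log("same-origin leaks: ", findLeaks(buildHeadersSameOriginOnly, SAMPLE_URLS));
```

The same `findLeaks` check can be pointed at a list of request URLs taken from an application's own client code to see which calls cross an origin boundary.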
