You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).
Reference: axios/axios#6463
A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.
It is recommended that:
When baseURL is set, passing an absolute URL such as http://attacker.test/ to get() should not ignore baseURL.
Before sending the HTTP request (after combining the baseURL with the user-provided parameter), axios should verify that the resulting URL still begins with the expected baseURL.
Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.
Impact
Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
Affected Users: Software that uses baseURL and does not validate path parameters is affected by this issue.
When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (Buffer/Blob) and returns a synthetic 200 response.
This path ignores maxContentLength / maxBodyLength (which only protect HTTP responses), so an attacker can supply a very large data: URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
Details
The Node adapter (lib/adapters/http.js) supports the data: scheme. When axios encounters a request whose URL starts with data:, it does not perform an HTTP request. Instead, it calls fromDataURI() to decode the Base64 payload into a Buffer or Blob.
constaxios=require('axios');asyncfunctionmain(){// this example decodes ~120 MBconstbase64Size=160_000_000;// 120 MB after decodingconstbase64='A'.repeat(base64Size);consturi='data:application/octet-stream;base64,'+base64;console.log('Generating URI with base64 length:',base64.length);constresponse=awaitaxios.get(uri,{responseType: 'arraybuffer'});console.log('Received bytes:',response.data.length);}main().catch(err=>{console.error('Error:',err.message);});
Run with limited heap to force a crash:
node --max-old-space-size=100 poc.js
Since Node heap is capped at 100 MB, the process terminates with an out-of-memory error:
<--- Last few GCs --->
...
FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
1: 0x... node::Abort() ...
...
Mini Real App PoC:
A small link-preview service that uses axios streaming, keep-alive agents, timeouts, and a JSON body. It allows data: URLs which axios fully ignore maxContentLength , maxBodyLength and decodes into memory on Node before streaming enabling DoS.
importexpressfrom"express";importmorganfrom"morgan";importaxiosfrom"axios";importhttpfrom"node:http";importhttpsfrom"node:https";import{PassThrough}from"node:stream";constkeepAlive=true;consthttpAgent=newhttp.Agent({ keepAlive,maxSockets: 100});consthttpsAgent=newhttps.Agent({ keepAlive,maxSockets: 100});constaxiosClient=axios.create({timeout: 10000,maxRedirects: 5,
httpAgent, httpsAgent,headers: {"User-Agent": "axios-poc-link-preview/0.1 (+node)"},validateStatus: c=>c>=200&&c<400});constapp=express();constPORT=Number(process.env.PORT||8081);constBODY_LIMIT=process.env.MAX_CLIENT_BODY||"50mb";app.use(express.json({limit: BODY_LIMIT}));app.use(morgan("combined"));app.get("/healthz",(req,res)=>res.send("ok"));/** * POST /preview { "url": "<http|https|data URL>" } * Uses axios streaming but if url is data:, axios fully decodes into memory first (DoS vector). */app.post("/preview",async(req,res)=>{consturl=req.body?.url;if(!url)returnres.status(400).json({error: "missing url"});letu;try{u=newURL(String(url));}catch{returnres.status(400).json({error: "invalid url"});}// Developer allows using data:// in the allowlistconstallowed=newSet(["http:","https:","data:"]);if(!allowed.has(u.protocol))returnres.status(400).json({error: "unsupported scheme"});constcontroller=newAbortController();constonClose=()=>controller.abort();res.on("close",onClose);constbefore=process.memoryUsage().heapUsed;try{constr=awaitaxiosClient.get(u.toString(),{responseType: "stream",maxContentLength: 8*1024,// Axios will ignore this for data:maxBodyLength: 8*1024,// Axios will ignore this for data:signal: controller.signal});// stream only the first 64KB backconstcap=64*1024;letsent=0;constlimiter=newPassThrough();r.data.on("data",(chunk)=>{if(sent+chunk.length>cap){limiter.end();r.data.destroy();}else{sent+=chunk.length;limiter.write(chunk);}});r.data.on("end",()=>limiter.end());r.data.on("error",(e)=>limiter.destroy(e));constafter=process.memoryUsage().heapUsed;res.set("x-heap-increase-mb",((after-before)/1024/1024).toFixed(2));limiter.pipe(res);}catch(err){constafter=process.memoryUsage().heapUsed;res.set("x-heap-increase-mb",((after-before)/1024/1024).toFixed(2));res.status(502).json({error: String(err?.message||err)});}finally{res.off("close",onClose);}});app.listen(PORT,()=>{console.log(`axios-poc-link-preview listening on http://0.0.0.0:${PORT}`);console.log(`Heap cap via NODE_OPTIONS, JSON limit via MAX_CLIENT_BODY (default ${BODY_LIMIT}).`);});
Enforce size limits
For protocol === 'data:', inspect the length of the Base64 payload before decoding. If config.maxContentLength or config.maxBodyLength is set, reject URIs whose payload exceeds the limit.
Stream decoding
Instead of decoding the entire payload in one Buffer.from call, decode the Base64 string in chunks using a streaming Base64 decoder. This would allow the application to process the data incrementally and abort if it grows too large.
@renovaterenovatebot
changed the title
(削除) fix(deps): update dependency axios to v0.28.0 [security] (削除ここまで)
(追記) fix(deps): update dependency axios to v1 [security] (追記ここまで)
Aug 6, 2024
@renovaterenovatebot
changed the title
(削除) fix(deps): update dependency axios to v1 [security] (削除ここまで)
(追記) fix(deps): update dependency axios to v0.30.0 [security] (追記ここまで)
Mar 28, 2025
@renovaterenovatebot
changed the title
(削除) fix(deps): update dependency axios to v0.30.0 [security] (削除ここまで)
(追記) fix(deps): update dependency axios to v1 [security] (追記ここまで)
Jun 24, 2025
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
This PR contains the following updates:
0.21.4->1.12.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-45857
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVE-2025-27152
Summary
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).
Reference: axios/axios#6463
A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if
baseURLis set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.Details
Consider the following code snippet:
In this example, the request is sent to
http://attacker.test/instead of thebaseURL. As a result, the domain owner ofattacker.testwould receive theX-API-KEYincluded in the request headers.It is recommended that:
baseURLis set, passing an absolute URL such ashttp://attacker.test/toget()should not ignorebaseURL.baseURLwith the user-provided parameter), axios should verify that the resulting URL still begins with the expectedbaseURL.PoC
Follow the steps below to reproduce the issue:
Even though
baseURLis set tohttp://localhost:10001/, axios sends the request tohttp://localhost:10002/.Impact
baseURLand does not validate path parameters is affected by this issue.CVE-2025-58754
Summary
When Axios runs on Node.js and is given a URL with the
data:scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (Buffer/Blob) and returns a synthetic 200 response.This path ignores
maxContentLength/maxBodyLength(which only protect HTTP responses), so an attacker can supply a very largedata:URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requestedresponseType: 'stream'.Details
The Node adapter (
lib/adapters/http.js) supports thedata:scheme. Whenaxiosencounters a request whose URL starts withdata:, it does not perform an HTTP request. Instead, it callsfromDataURI()to decode the Base64 payload into a Buffer or Blob.Relevant code from
[httpAdapter](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231):The decoder is in
[lib/helpers/fromDataURI.js](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/helpers/fromDataURI.js#L27):config.maxContentLengthorconfig.maxBodyLength, which only apply to HTTP streams.data:URI of arbitrary size can cause the Node process to allocate the entire content into memory.In comparison, normal HTTP responses are monitored for size, the HTTP adapter accumulates the response into a buffer and will reject when
totalResponseBytesexceeds[maxContentLength](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L550). No such check occurs fordata:URIs.PoC
Run with limited heap to force a crash:
Since Node heap is capped at 100 MB, the process terminates with an out-of-memory error:
Mini Real App PoC:
A small link-preview service that uses axios streaming, keep-alive agents, timeouts, and a JSON body. It allows data: URLs which axios fully ignore
maxContentLength,maxBodyLengthand decodes into memory on Node before streaming enabling DoS.Run this app and send 3 post requests:
Suggestions
Enforce size limits
For
protocol === 'data:', inspect the length of the Base64 payload before decoding. Ifconfig.maxContentLengthorconfig.maxBodyLengthis set, reject URIs whose payload exceeds the limit.Stream decoding
Instead of decoding the entire payload in one
Buffer.fromcall, decode the Base64 string in chunks using a streaming Base64 decoder. This would allow the application to process the data incrementally and abort if it grows too large.Release Notes
axios/axios (axios)
v1.12.0Compare Source
Bug Fixes
Features
Contributors to this release
v1.11.0Compare Source
Bug Fixes
Contributors to this release
v1.10.0Compare Source
Bug Fixes
Features
Contributors to this release
v1.9.0Compare Source
Bug Fixes
getSetCookieby using 'get' method for caseless access; (#6874) (d4f7df4)Features
Contributors to this release
1.8.4 (2025年03月19日)
Bug Fixes
allowAbsoluteUrls: falsewithoutbaseURL(#6833) (f10c2e0)Contributors to this release
1.8.3 (2025年03月10日)
Bug Fixes
allowAbsoluteUrlstobuildFullPathinxhrandfetchadapters (#6814) (ec159e5)Contributors to this release
1.8.2 (2025年03月07日)
Bug Fixes
Contributors to this release
1.8.1 (2025年02月26日)
Bug Fixes
generateStringto platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)Contributors to this release
v1.8.4Compare Source
Bug Fixes
allowAbsoluteUrls: falsewithoutbaseURL(#6833) (f10c2e0)Contributors to this release
v1.8.3Compare Source
Bug Fixes
getSetCookieby using 'get' method for caseless access; (#6874) (d4f7df4)Features
Contributors to this release
1.8.4 (2025年03月19日)
Bug Fixes
allowAbsoluteUrls: falsewithoutbaseURL(#6833) (f10c2e0)Contributors to this release
1.8.3 (2025年03月10日)
Bug Fixes
allowAbsoluteUrlstobuildFullPathinxhrandfetchadapters (#6814) (ec159e5)Contributors to this release
1.8.2 (2025年03月07日)
Bug Fixes
Contributors to this release
1.8.1 (2025年02月26日)
Bug Fixes
generateStringto platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)Contributors to this release
v1.8.2Compare Source
Bug Fixes
Contributors to this release
v1.8.1Compare Source
Bug Fixes
getSetCookieby using 'get' method for caseless access; (#6874) (d4f7df4)Features
Contributors to this release
1.8.4 (2025年03月19日)
Bug Fixes
allowAbsoluteUrls: falsewithoutbaseURL(#6833) (f10c2e0)Contributors to this release
1.8.3 (2025年03月10日)
Bug Fixes
allowAbsoluteUrlstobuildFullPathinxhrandfetchadapters (#6814) (ec159e5)Contributors to this release
1.8.2 (2025年03月07日)
Bug Fixes
Contributors to this release
1.8.1 (2025年02月26日)
Bug Fixes
generateStringto platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)Contributors to this release
v1.8.0Compare Source
Bug Fixes
Features
Reverts
BREAKING CHANGES
code relying on the above will now combine the URLs instead of prefer request URL
feat: add config option for allowing absolute URLs
fix: add default value for allowAbsoluteUrls in buildFullPath
fix: typo in flow control when setting allowAbsoluteUrls
Contributors to this release
1.7.9 (2024年12月04日)
Reverts
Contributors to this release
1.7.8 (2024年11月25日)
Bug Fixes
globalThis.TextEncoderwhen available (#6634) (df956d1)Contributors to this release
1.7.7 (2024年08月31日)
Bug Fixes
Contributors to this release
1.7.6 (2024年08月30日)
Bug Fixes
Contributors to this release
1.7.5 (2024年08月23日)
Bug Fixes
ReferenceError: navigator is not definedfor custom environments; (#6567) (fed1a4b)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.