WhisperX tag archive

#CVE-2023-45857

This page collects WhisperX intelligence signals tagged #CVE-2023-45857. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (7)

The Lab · 2026-04-09 02:27:08 · GitHub Issues

1. Axios HTTP Client Security Flaw Exposes XSRF Tokens, Prompting Major Version Update

A critical security vulnerability in the widely-used Axios HTTP client library has forced a major version update for countless projects. The flaw, tracked as CVE-2023-45857, inadvertently exposes the confidential XSRF-TOKEN stored in cookies by automatically including it in the HTTP header for every request made to any...

The Lab · 2026-04-10 14:23:04 · GitHub Issues

2. Axios v1 Security Update: Critical XSRF Token Leak Vulnerability (CVE-2023-45857) Exposed

A critical security vulnerability in the widely-used Axios HTTP client library has been flagged, exposing confidential XSRF tokens in every outgoing request. The flaw, tracked as CVE-2023-45857, affects versions 0.8.1 through 1.5.1. The vulnerability causes the library to inadvertently include the sensitive `X-XSRF-TOK...

The Lab · 2026-04-11 01:22:27 · GitHub Issues

3. Axios Security Flaw: Critical XSRF Token Leak Exposes Sensitive Data in Versions 0.8.1 to 1.5.1

A critical security vulnerability in the widely-used Axios HTTP client library is actively exposing sensitive user data. The flaw, tracked as CVE-2023-45857, inadvertently leaks the confidential XSRF-TOKEN stored in browser cookies by automatically including it in the HTTP header for every request sent to any host. Thi...

The Lab · 2026-04-12 04:22:34 · GitHub Issues

4. Axios 1.5.1 Vulnerability CVE-2023-45857: HTTP Client May Leak Sensitive XSRF-TOKEN

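A vulnerability discovered in Axios version 1.5.1 may cause applications to inadvertently leak the sensitive XSRF-TOKEN to potential attackers. The issue is rated medium severity, with a CVSS score of 6.5. At its core, this version of the HTTP client library incorrectly includes the XSRF-TOKEN stored in browser cookies in the `X-XSRF-TOKEN` HTTP request header sent to any host, not just the intended target server. This makes it possible for an attacker to view information that should remain confidential, through a man-in-the-middle attack or other means. Axios is a widely used Promise-based HTTP client for browser and Node.js environments. The specific version affected here is 1.5.1, but the scan report in `axios-0.1...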

The Lab · 2026-04-14 16:22:52 · GitHub Issues

5. 🚨 Critical Axios Security Flaw Exposes XSRF Tokens: Urgent Update to v0.28.0 Required

A critical security vulnerability in the widely-used Axios HTTP client library is actively exposing sensitive user tokens. The flaw, tracked as CVE-2023-45857, affects versions 0.8.1 through 1.5.1, inadvertently leaking the confidential XSRF-TOKEN stored in cookies. The library incorrectly includes this token in the HT...

The Lab · 2026-04-15 15:22:47 · GitHub Issues

6. Axios HTTP Library Security Flaw Exposes XSRF Tokens, Prompting Urgent Update to v0.30.0

A critical security vulnerability in the widely-used Axios HTTP client library is forcing developers to scramble for updates. The flaw, tracked as CVE-2023-45857, inadvertently leaks the confidential XSRF-TOKEN stored in cookies by automatically including it in the HTTP header for every request made to any host. This e...

The Lab · 2026-04-16 11:22:46 · GitHub Issues

7. Axios HTTP Client Exposes XSRF Tokens in All Requests, Prompting Urgent Dependency Update

A critical security flaw in the widely used Axios HTTP client library has forced developers to scramble for updates. The vulnerability, tracked as CVE-2023-45857, inadvertently exposes the confidential XSRF-TOKEN stored in a user's cookies by automatically including it in the HTTP header for every request made to any h...