Skip to main content

Axios CVE-2019-10742

HIGH
Improper Handling of Exceptional Conditions (CWE-755)
2019-05-07 report@snyk.io
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 07, 2019 - 19:29 nvd
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 19,974 npm packages depend on axios (12,509 direct, 7,671 indirect)

Ecosystem-wide dependent count for version 0.18.1.

DescriptionNVD

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

AnalysisAI

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-755. Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. Affected products include: Axios.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Axios

View all
CVE-2026-42043 CRITICAL POC
10.0 Apr 24

NO_PROXY protection bypass in Axios HTTP client (versions 1.0.0-1.15.0 and ≤0.31.0) lets an attacker who controls a requ

CVE-2026-42044 CRITICAL POC
9.1 Apr 24

JSON response tampering in the Axios HTTP client (versions 1.0.0 up to but not including 1.15.2) lets an attacker who ca

CVE-2025-27152 HIGH POC
7.7 Mar 07

axios is a promise based HTTP client for the browser and node.js. Rated high severity (CVSS 7.7), this vulnerability is

CVE-2025-58754 HIGH POC
7.5 Sep 12

Axios is a promise based HTTP client for the browser and Node.js. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2026-25639 HIGH POC
7.5 Feb 09

Axios versions up to 0.30.3 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

CVE-2024-39338 HIGH POC
7.5 Aug 12

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative

CVE-2021-3749 HIGH POC
7.5 Aug 31

axios is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2026-42033 HIGH POC
7.4 Apr 24

Prototype pollution in Axios HTTP client versions before 1.15.1 and 0.31.1 enables silent interception and modification

CVE-2026-42039 MEDIUM POC
6.9 Apr 24

Denial of service in Axios HTTP client before versions 1.15.1 and 0.31.1 allows remote unauthenticated attackers to cras

CVE-2026-42041 MEDIUM POC
6.5 Apr 24

Prototype pollution in Axios library versions prior to 1.15.1 and 0.31.1 allows remote attackers to suppress HTTP error

CVE-2023-45857 MEDIUM POC
6.5 Nov 08

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it i

CVE-2025-62718 MEDIUM POC
6.3 Apr 09

Hostname normalization bypass in Axios (JavaScript HTTP client) versions prior to 1.15.0 allows unauthenticated remote a

Share

CVE-2019-10742 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy