CVE-2019-10742

NameCVE-2019-10742
DescriptionAxios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs928624

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-axios (PTS)buster0.17.1+dfsg-2+deb10u1fixed
bullseye0.21.1+dfsg-1+deb11u1fixed
bookworm, sid0.26.1+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-axiossource(unstable)0.17.1+dfsg-2928624

Notes

https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
https://github.com/axios/axios/issues/1098
https://github.com/axios/axios/pull/1485
Search for package or bug name: Reporting problems