Description
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Exploits (3)
nomisec
WORKING POC
1 stars
by fuyuooumi1027 · poc
https://github.com/fuyuooumi1027/CVE-2023-45857-Demo
Scores
CVSS v3
6.5
EPSS
0.0014
EPSS Percentile
33.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lab Environment
Details
CWE
CWE-352
Status
published
Products (2)
axios/axios
1.5.1
npm/axios
1.0.0 - 1.6.0npm
Published
Nov 08, 2023
Tracked Since
Feb 18, 2026