fix(security): update vulnerability-updates [security]#422
Open
renovate[bot] wants to merge 1 commit into
Open
fix(security): update vulnerability-updates [security]#422renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Contributor
Author
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.14.3→1.14.4^0.44.0→^0.75.0^0.50.0→^0.217.01.15.2→1.16.07.5.6→7.5.86.15.1→6.15.2@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
CVE-2026-48069 / GHSA-99f4-grh7-6pcq
More information
Details
Impact
An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js
Patches
The following version have fixes for this vulnerability:
Workarounds
There is no workaround.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
@grpc/grpc-js: A malformed request can cause a server crash
CVE-2026-48068 / GHSA-5375-pq7m-f5r2
More information
Details
Impact
An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js.
Patches
The following version have fixes for this vulnerability:
Workarounds
There is no workaround.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Prometheus exporter process crash via malformed HTTP request
CVE-2026-44902 / GHSA-q7rr-3cgh-j5r3
More information
Details
Summary
A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default
0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaughtTypeErrorthat terminates the process.You are affected by this vulnerability if either of the following apply to your application:
@opentelemetry/exporter-prometheusin your code through its built-in server.OTEL_METRICS_EXPORTERenvironment variable includesprometheusAND@opentelemetry/sdk-node@opentelemetry/auto-instrumentations-nodevia--require @​opentelemetry/auto-instrumentations-node/register/--import @​opentelemetry/auto-instrumentations-node/registerImpact
Denial of service. Any application using the OpenTelemetry Prometheus exporter’s built-in server can be crashed by a single unauthenticated network packet sent to the metrics port. No authentication, special privileges, or prior access is required.
Remediation
Update to the fixed version
Update
@opentelemetry/exporter-prometheusand@opentelemetry/sdk-nodeto version 0.217.0 or later.Update
@opentelemetry/auto-instrumentations-nodeto version 0.75.0 or later.This release adds proper error handling around the URL constructor, returning an HTTP
400response on parse failure rather than allowing the exception to propagate and crash the process.Do Not Expose the Endpoint to Untrusted Users
If updating is not immediately feasible, restrict access to the metrics endpoint so that it is not reachable by untrusted or unauthenticated network clients. For example:
Bind to localhost only by setting the
hostoption to127.0.0.1when configuring thePrometheusExporter, so the port is not exposed on public or shared network interfacesUse a firewall or network policy to restrict access to port
9464(or whichever port you have configured) to only trusted Prometheus scrape hostsPlace the endpoint behind a reverse proxy that filters or validates incoming requests before they reach the exporter
Details
In
PrometheusExporter.ts, the_requestHandlercallsnew URL(request.url, this._baseUrl)without any error handling. Node's HTTP parser accepts absolute-form URIs (e.g.http://) for proxy compatibility, including malformed ones. Whenrequest.urlis"http://", theURLconstructor throwsTypeError: Invalid URL. Since there is no try-catch in the handler, the exception propagates as an uncaught exception and crashes the process.The Prometheus metrics endpoint is unauthenticated by design (Prometheus scrapes it) and binds to
0.0.0.0by default, meaning it is reachable by any network client that can connect to the metrics port.Proof of Concept
Start any Node.js application with the Prometheus exporter running on the default port
9464, then send a single raw TCP packet:The process crashes immediately with:
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
CVE-2026-44489 / GHSA-654m-c8p4-x5fp
More information
Details
[Patch Bypass] Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2
Summary
The
Object.create(null)fix introduced in Axios 1.15.2 (GHSA-q8qp-cvcw-x6jj) protects the top-level config object from prototype pollution. However, nested objects created byutils.merge()(e.g.,config.proxy) are still constructed as plain{}withObject.prototypein their chain.The
setProxy()function atlib/adapters/http.js:209-223readsproxy.username,proxy.password, andproxy.authwithouthasOwnPropertychecks. WhenObject.prototype.usernameis polluted,setProxy()constructs aProxy-Authorizationheader with attacker-controlled credentials and injects it into every proxied HTTP request.Severity: Medium (CVSS 5.4)
Affected Versions: 1.15.2 (and potentially 1.15.1)
Vulnerable Component:
lib/adapters/http.js(setProxy()) +lib/utils.js(merge())CWE
CVSS 3.1
Score: 5.6 (Medium)
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:Lconfig.proxy. Unlike GHSA-q8qp-cvcw-x6jj which affected all requests unconditionallyconfig.baseURLhijack)Why This Is Lower Severity Than GHSA-q8qp-cvcw-x6jj (7.4 High)
config.proxysetconfig.baseURLPPconfig.authPPAuthorizationto target serverProxy-Authorizationto proxyThis Is a Patch Bypass
This vulnerability bypasses the fix introduced in Axios 1.15.2 for GHSA-q8qp-cvcw-x6jj. The fix correctly uses
Object.create(null)for the config object, blocking direct prototype pollution onconfig.proxy,config.auth, etc.However, the fix is incomplete: when a user legitimately sets
config.proxy = { host: 'proxy.corp', port: 8080 }, themergeConfig()function passes this object throughutils.merge(), which creates a new plain{}object (lib/utils.js:406: const result = {};). This new object inherits fromObject.prototype, re-opening the prototype pollution attack surface on the nested proxy object.config(top-level)Object.create(null)config.proxy(nested)utils.merge()→const result = {}setProxy()readsproxy.username,proxy.authwithouthasOwnPropertyRoot Cause Analysis
Step 1:
utils.merge()creates plain{}for nested objectsFile:
lib/utils.js, line 406When
mergeConfig()processesconfig.proxy,getMergedValue()callsutils.merge(), which creates a plain{}for the nested object. This plain object inherits fromObject.prototype.Step 2:
setProxy()reads proxy properties withouthasOwnPropertyFile:
lib/adapters/http.js, lines 209-223Complete Attack Chain
Proof of Concept
Reproduction Environment
Reproduction Steps
Verified PoC Output
Confirming the Bypass Mechanism
Fix 2: Use null-prototype objects in
utils.merge()Fix 3 (Comprehensive): Apply null-prototype to all objects created by
getMergedValue()References
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
CVE-2026-44490 / GHSA-898c-q2cr-xwhg
More information
Details
Summary
axios
1.15.2exposes two read-side prototype-pollution gadgets. WhenObject.prototypeis polluted by an upstream dependency in the same process (e.g. lodash_.merge/ CVE-2018-16487), axios silently picks up the polluted values:lib/utils.jsline 406 buildsmerge()'s accumulator asresult = {}, soresult[targetKey](line 414) walksObject.prototypeand the polluted bucket's own keys are copied into the merged headers and ride out on the wire.lib/core/mergeConfig.jsline 26 builds thehasOwnPropertydescriptor as a plain-object literal.Object.definePropertyreadsdescriptor.get/descriptor.setvia the prototype chain, so a pollutedObject.prototype.getorObject.prototype.setmakes the call throwTypeErrorsynchronously on every axios request.Affected Properties
Object.prototype.commonObject.prototype.delete/.head/.post/.put/.patch/.queryObject.prototype.getTypeError: Getter must be a functionfrommergeConfig.js:26Object.prototype.setTypeError: Setter must be a functionfrommergeConfig.js:26Per-request headers (
axios.request(url, { headers: {...} })) overwrite polluted entries. PollutingObject.prototype.gettriggers the crash before any header is built.Proof of Concept
Impact
Content-Length: 99999): receiver waits for a body that never arrives. Affects requests with a body.Transfer-Encoding: chunkedrides alongside axios's autoContent-Length): receiver rejects with400 Bad Request. Affects requests with a body.If-None-Match: *): receiver returns empty304 Not Modified. Affects GET / HEAD.Object.prototype.get/.set): every axios request fails synchronously withTypeError, notAxiosError, so handlers filtering onerror.isAxiosErrormishandle the failure.Attack Flow
flowchart TD ROOT["Polluted Object.prototype<br/>via upstream gadget (e.g. lodash <= 4.17.10 _.merge / CVE-2018-16487)<br/>axios <= 1.15.2"] ROOT --> CLASS_A["A. Arbitrary HTTP Header Injection<br/>Polluted defaults.headers slot rides along on every outbound axios request"] ROOT --> CLASS_B["B. Crash DoS via Object.prototype.get / .set<br/>Polluted descriptor breaks Object.defineProperty in mergeConfig"] CLASS_A --> PRE_A["Precondition: header not set per-request by the app<br/>Injected via defaults.headers slot<br/>(common, delete, head, post, put, patch, query)"] PRE_A --> PA1["Response Suppression<br/>Trigger: common = {If-None-Match: *}<br/>Affects GET / HEAD"] PA1 --> SA1["DoS<br/>304 Not Modified empty"] PRE_A --> PA2["Server Hang<br/>Trigger: common = {Content-Length: 99999}<br/>Affects requests with body"] PA2 --> SA2["DoS<br/>connection hang"] PRE_A --> PA3["CL+TE Conflict<br/>Trigger: common = {Transfer-Encoding: chunked}<br/>Affects requests with body"] PA3 --> SA3["DoS<br/>400 Bad Request"] CLASS_B --> SB1["DoS<br/>TypeError: Getter / Setter must be a function<br/>Crashes every axios request, not only GET"] %% Styles style ROOT fill:#f87171,stroke:#​991b1b,color:#fff style CLASS_A fill:#fb923c,stroke:#​9a3412,color:#fff style CLASS_B fill:#fb923c,stroke:#​9a3412,color:#fff style PRE_A fill:#e2e8f0,stroke:#​64748b,color:#​1e293b style PA1 fill:#fbbf24,stroke:#​92400e,color:#​000 style PA2 fill:#fbbf24,stroke:#​92400e,color:#​000 style PA3 fill:#fbbf24,stroke:#​92400e,color:#​000 style SA1 fill:#ef4444,stroke:#​991b1b,color:#fff style SA2 fill:#ef4444,stroke:#​991b1b,color:#fff style SA3 fill:#ef4444,stroke:#​991b1b,color:#fff style SB1 fill:#ef4444,stroke:#​991b1b,color:#fffRoot Cause
Finding A.
lib/utils.js:404-429'smerge()createsresult = {}at line 406. The dangerous-keys filter on lines 408-411 blocks the write side, but the read at line 414 (isPlainObject(result[targetKey])) still walks the prototype chain. WhentargetKeymatches a polluted slot,result[targetKey]returns the polluted nested object, and the recursivemerge(result[targetKey], val)on line 415 iterates that object's own keys viaforEachand copies them as own properties into the new accumulator. Those keys flow throughmergeConfig.js:35→Axios.js:148(utils.merge(headers.common, headers[config.method])) →Axios.js:155(AxiosHeaders.concat(...)) → onto the wire viahttp.js:677(headers: headers.toJSON()) →http.js:767(transport.request(options, ...)).Finding B.
lib/core/mergeConfig.js:25correctly makesconfig = Object.create(null), but the descriptor passed on line 26 is a plain-object literal - itsget/setlookups walkObject.prototype. A polluted non-functionObject.prototype.getor.setmakesObject.definePropertythrowTypeError: Getter must be a function(orSetter must be a function) before the call returns. The descriptor is built unconditionally on everymergeConfiginvocation, so every axios request throws - POST, PUT, DELETE, PATCH, HEAD, QUERY, not only GET.Suggested Fix
Use null-prototype objects in place of the plain-object literals at
lib/utils.js:406andlib/core/mergeConfig.js:26-31. The same descriptor pattern recurs atlib/core/AxiosError.js:37,lib/core/AxiosHeaders.js:100,lib/utils.js:447/454/492/498, andlib/adapters/adapters.js:28/32.Resources
lodash.mergeprototype pollution inlodash <= 4.17.10Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
CVE-2026-44492 / GHSA-pjwm-pj3p-43mv
More information
Details
Summary
shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as
127.0.0.1or169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1,::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked.Details
lib/helpers/shouldBypassProxy.js (v1.15.0):
The WHATWG URL parser canonicalises
http://[::ffff:127.0.0.1]/to hostname[::ffff:7f00:1]. After bracket-stripping:::ffff:7f00:1. This string does not match 127.0.0.1 in NO_PROXY and is not in LOOPBACK_ADDRESSES, so shouldBypassProxy returns false and the proxy is used. proxy-from-env (called before shouldBypassProxy) has the same gap - it does not equate ::ffff:7f00:1 with 127.0.0.1 - so neither layer catches the bypass.PoC
Node.js routes ::ffff:7f00:1 to 127.0.0.1:
Cloud metadata SSRF: ::ffff:a9fe:a9fe = ::ffff:169.254.169.254. If NO_PROXY=169.254.169.254 is set to block IMDS access, a request to http://[::ffff:a9fe:a9fe]/latest/meta-data/ bypasses it.
Fix
Canonicalise IPv4-mapped IPv6 in normalizeNoProxyHost before any comparison:
Impact
Any application that sets NO_PROXY to exclude internal or metadata endpoints and uses an HTTP/HTTPS proxy can have those exclusions bypassed by a URL using IPv4-mapped IPv6 notation. The attacker must control the request URL. In cloud environments with instance metadata services, this can lead to credential exfiltration.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in
config.proxyCVE-2026-44494 / GHSA-35jp-ww65-95wh
More information
Details
Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in
config.proxySummary
The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any
Object.prototypepollution in the application's dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack — intercepting, reading, and modifying all HTTP traffic including authentication credentials.The HTTP adapter at
lib/adapters/http.js:670readsconfig.proxyvia standard property access, which traverses the prototype chain. Becauseproxyis not present in Axios defaults, the merged config object has no ownproxyproperty, making it trivially injectable via prototype pollution. Once injected,setProxy()routes all HTTP requests through the attacker's proxy server.Unlike the
transformResponsegadget (which is constrained byassertOptionsto returntrue), the proxy gadget has zero constraints — the attacker gets a full MITM position with the ability to read all credentials and tamper with all responses.Severity: Critical (CVSS 9.4)
Affected Versions: All versions (v0.x - v1.x including v1.15.0)
Vulnerable Component:
lib/adapters/http.js(config property access on merged object)CWE
CVSS 3.1
Score: 9.4 (Critical)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LObject.prototype.proxy = {host:'attacker', port:8080}. Consistent with GHSA-fvcv-3m26-pcqx scoring methodologytransformResponsewhich must returntrueWhy This Bypasses mergeConfig
The critical difference from
transformResponse: theproxyproperty is not in defaults (lib/defaults/index.jsdoes not setproxy). This means:mergeConfigiteratesObject.keys({...defaults, ...userConfig})—proxyis NOT in this setdefaultToConfig2forproxyis never calledproxypropertyhttp.js:670readsconfig.proxy, JavaScript traverses the prototype chainObject.prototype.proxyis found → used bysetProxy()This is a more direct attack path than
transformResponsebecause it doesn't even go throughmergeConfig's merge logic — it completely bypasses it.Usage of "Helper" Vulnerabilities
This vulnerability requires Zero Direct User Input.
If an attacker can pollute
Object.prototypevia any other library in the stack (e.g.,qs,minimist,lodash,body-parser), Axios will automatically use the pollutedproxyvalue when making HTTP requests. The developer's code is completely safe — no configuration errors needed.Proof of Concept
1. The Setup (Simulated Pollution)
Imagine a scenario where a known prototype pollution vulnerability exists in a query parser. The attacker sends a payload that sets:
2. The Gadget Trigger (Safe Code)
The application makes a completely safe, hardcoded request:
3. The Execution
At
http.js:668-670:setProxy()athttp.js:191-239then:4. The Impact (Full MITM)
The attacker's proxy server receives:
The
Authorizationheader containssvc-account:prod-key-abc123!in Base64. The attacker:5. Verified PoC Code
Verified PoC Output
Impact Analysis
Authorizationheader, cookies, API keys, and request bodies are visible to the attacker's proxy in plaintext.transformResponse's "must return true".Why This Is More Severe Than transformResponse (axios_26)
this.auth+ response datatruetrue(suspicious)Recommended Fix
Fix 1: Use
hasOwnPropertywhen reading security-sensitive config propertiesFix 2: Enumerate all properties not in defaults and apply
hasOwnPropertyProperties not in defaults that are read by http.js and have security impact:
config.proxy— MITMconfig.socketPath— Unix socket SSRFconfig.transport— request hijackconfig.lookup— DNS hijackconfig.beforeRedirect— redirect manipulationconfig.httpAgent/config.httpsAgent— agent injectionAll should use
hasOwnPropertychecks.Fix 3: Use null-prototype object for merged config
Resources
Timeline
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Allocation of Resources Without Limits or Throttling in Axios
CVE-2026-44488 / GHSA-777c-7fjr-54vf
More information
Details
Summary
Axios versions
1.7.0through1.15.xdid not enforce configured request and response size limits when requests were sent with thefetchadapter. Applications that selectedadapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies larger thanmaxContentLengthormaxBodyLengthdespite those limits being explicitly configured.This can cause resource exhaustion in server-side usage when a malicious or compromised server returns an oversized response, when an attacker can supply a large
data:URL, or when an application forwards attacker-controlled request bodies through axios while relying onmaxBodyLengthas a boundary.Impact
The impact is availability-only. Affected applications may process, buffer, or transmit data beyond the configured limit, potentially exhausting memory, CPU, or network resources.
This does not affect axios’s default unlimited behaviour by itself:
maxContentLengthandmaxBodyLengthdefault to-1. The vulnerability exists when an application has configured finite limits and expects axios to enforce them.Server-side runtimes are the primary concern. Browser impact is generally constrained by the browser process and browser fetch behavior, and should not be described as server process exhaustion.
Affected Functionality
Affected functionality includes requests using the built-in
fetchadapter with finitemaxContentLengthormaxBodyLengthvalues.Relevant configurations include:
adapter: 'fetch'adapter: ['fetch', ...]whenfetchis selectedxhrnorhttpis available and axios falls back tofetchenv.fetchUnaffected functionality includes:
httpadapter enforcementTechnical Details
In vulnerable versions,
lib/adapters/fetch.jsdestructured request config withoutmaxContentLengthormaxBodyLength. The adapter dispatchedfetch()and then materialized the response throughtext(),arrayBuffer(),blob(), or related resolvers without checking the configured response limit.The fix in
e5540dcadded:maxContentLengthandmaxBodyLengthreads inlib/adapters/fetch.jsdata:URL decoded-size checksContent-Lengthresponse pre-checksReadableStreamtests/unit/adapters/fetch.test.jsProof of Concept of Attack