Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.
0.19.0+dfsg-20.21.1+dfsg-10.23.0+dfsg-20.24.0+dfsg-10.25.0+dfsg-20.26.0+dfsg-11.2.1+dfsg-11.5.1+dfsg-11.6.2+dfsg-11.6.8+dfsg-21.11.0+dfsg-11.7.9+dfsg-11.8.4+dfsg-11.11.0+dfsg-11.12.1+dfsg-11.13.2+dfsg-1build1Exploitability
AV:NAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:NVA:LSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N