CVE-2024-57965

Published Jan 29, 2025
·
Updated

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.

Affected Software

3 affected components
Axios axios<1.7.8
Axios Axios Node.js<1.7.8
IBM Concert Software<=1.0.0-2.1.0

Remediation

Patch Available

https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db

Patch Available

https://github.com/axios/axios/pull/6714

Event History

Jan 29, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·09:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Feb 10, 2026
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-57965?

CVE-2024-57965 is considered a low severity vulnerability as it primarily addresses a potential issue in how origins are determined.

2

How do I fix CVE-2024-57965?

To mitigate CVE-2024-57965, you should upgrade Axios to version 1.7.8 or later.

3

What software is affected by CVE-2024-57965?

CVE-2024-57965 affects Axios versions before 1.7.8.

4

Does CVE-2024-57965 represent a real security vulnerability?

Some experts believe CVE-2024-57965 primarily resolves a warning from a static analysis tool rather than a significant security vulnerability.

5

Can CVE-2024-57965 impact my web application's security?

While CVE-2024-57965 is not classified as high severity, it is still advisable to update to the latest version to ensure optimal security practices.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203