CVE-2021-3749

Inefficient Regular Expression Complexity in axios/axios

CVSS 7.5 HIGH · EPSS 8.5% · CWE-1333
In short

The axios library contains a regex pattern that becomes very slow when processing certain types of input, allowing attackers to cause performance problems or denial of service by sending specially crafted requests.

Technical detail

axios contains an inefficient regular expression (a ReDoS vulnerability) in URL parsing that exhibits exponential backtracking on malformed input. An attacker who can supply a specially crafted URL string, with no authentication required, can cause the application to hang or consume excessive CPU resources.

Summary generated and translated by AI from the official description.
axios is vulnerable to Inefficient Regular Expression Complexity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
axios · axios/axios
