CVE-2021-3749

moderate-risk

Published 2021-08-31

axios is vulnerable to Inefficient Regular Expression Complexity

Do I need to act?

8.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Axios

Sinec Ins

Goldengate

Oracle Siemens Axios

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Patch https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929

Exploit https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31

Third Party Advisory https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Patch https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929

Exploit https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31

and 8 more references

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 12/34 · Low