Practical Security Guides For Your Team

Your application uses a JavaScript library called Axios to make web requests. A flaw in one of its supporting components means that if your app routes traffic through an authenticated proxy server, those proxy login credentials could be accidentally sent to the wrong destination when a redirect occurs. This only affects you if your app uses proxy authentication — if it doesn't, you're not at risk.

Your application uses an outdated version of Axios, a popular tool that helps your app communicate with other services over the internet. Due to a bug in this version, a special security token — designed to protect your users from a type of attack where a malicious website tricks their browser into taking actions on your site — is accidentally sent to any external server your app talks to, not just your own. Think of it like a master key being slipped under every door in the building instead of just your own front door.