{"id":"CVE-2023-45857","details":"An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.","aliases":["GHSA-wf5p-g6vw-rhxx"],"modified":"2026-05-15T04:07:29.172201332Z","published":"2023-11-08T00:00:00Z","related":["CGA-cw62-762j-87ch"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45857.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45857.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45857"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"REPORT","url":"https://github.com/axios/axios/issues/6006"}],"schema_version":"1.7.5"}