nothing but vulns

OOM/DoS Vulnerability in Axios (CVE-2025-58754)
What is Axios?
Axios is a promise-based HTTP client for Node.js and browsers. It’s one of the most popular libraries in the JavaScript ecosystem, powering countless apps, frameworks, and services. Because of its huge install base, security research here is particularly impactful.

How It Started
2 weeks ago, while working on a personal project, I planned to use Axios, a library I’ve relied on many times before. At that moment I realized that although I’ve had good success in bug bounty hunting, I never had a CVE in a serious, widely used open-source project. That thought motivated me to dive into Axios and look for issues. I started my research by reading old CVEs and GitHub issues related to it. This helped me understand the kind of problems that had been discovered before and where weaknesses might exist. With that context, I began auditing specific areas of the codebase. ...