Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

JennaySDavis · 2024-01-05T15:21:45Z

Severity - Moderate

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.

JennaySDavis · 2024-01-29T19:42:22Z

#161 Acceptance Criteria

Pass/Fail	Description
Pass	Execute Search; sam.gov returns results to 889 Tool

Comments/Additional Notes
*A minor issue with aria labels was located, affecting the accessibility score. See https://github.com/orgs/GSA/projects/116/views/3?pane=issue&itemId=51527311

ADA Compliance (Automated scan via Chrome Lighthouse)

Criteria	Score
Performance	98
Accessibility	96
Best Practices	93

Passed 01/29/2024 - JSD

LoraBradford · 2024-02-01T16:08:32Z

Reviewed 889 tool, did not see any issues. Story #185 will fix the accessibility score. Thank you! Moving to done!

JennaySDavis added the Tech Task label Jan 5, 2024

felder101 added the Sprint 23 label Jan 29, 2024

felder101 self-assigned this Jan 29, 2024

JennaySDavis assigned johnbeallgsa and LoraBradford and unassigned felder101 Jan 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

JennaySDavis commented Jan 5, 2024 •

edited

JennaySDavis commented Jan 29, 2024

LoraBradford commented Feb 1, 2024

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability #161

Comments

JennaySDavis commented Jan 5, 2024 • edited

JennaySDavis commented Jan 29, 2024

LoraBradford commented Feb 1, 2024

JennaySDavis commented Jan 5, 2024 •

edited