Security vulnerabilities and automated fixes for stream security issues
A medium-severity Denial of Service vulnerability (CVE-2026-42036) was discovered in axios 1.12.2, where using `responseType: 'stream'` could allow an attacker to exhaust server memory through unbounded stream consumption. The fix upgrades axios from version 1.12.2 to 1.15.1 in the project's `pnpm-lock.yaml`, closing the attack surface before it could be exploited in production.