Summary
The authorizenet package (v1.0.10) contains a transitive dependency on a vulnerable version of axios (< 1.12.0) that is susceptible to a Denial of Service attack.
Vulnerability Details
CVE ID: CVE-2025-27152
GHSA ID: GHSA-4hjh-wcwx-xvwj
Severity: High
Discovery Date: July 12, 2025
Vulnerability: Axios is vulnerable to DoS attack through lack of data size check
Attack Vector: Supplying very large data: URIs causes unbounded memory allocation and potential process crash
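
To check whether an installed dependency tree actually carries an affected axios copy, the lockfile can be scanned for every axios install below 1.12.0. The following is an added example, not code from the authorizenet or axios projects; it assumes an npm lockfile in the v2/v3 "packages" layout, and the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag axios copies older than 1.12.0 in an npm lockfile (v2/v3).
const FIXED = [1, 12, 0]; // first non-affected version, per the "< 1.12.0" range above

// Parse "major.minor.patch" and note whether a prerelease tag follows.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

function isBelow(v, floor) {
  for (let i = 0; i < 3; i++) if (v.nums[i] !== floor[i]) return v.nums[i] < floor[i];
  return v.pre; // a prerelease of the floor version sorts before it
}

// Returns [{ path, version, via }] for every affected axios install.
function findVulnerableAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/axios")) continue;
    const v = parseVersion(meta.version);
    if (v && !isBelow(v, FIXED)) continue; // unparseable versions are reported too
    // Name the package that owns a nested copy, or mark a top-level copy as hoisted.
    const parent = path.slice(0, -"node_modules/axios".length).replace(/\/$/, "");
    const via = parent ? parent.split("node_modules/").pop() : "(hoisted)";
    hits.push({ path, version: meta.version, via });
  }
  return hits;
}

// Constructed sample lockfile; the axios version numbers are illustrative only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { authorizenet: "1.0.10" } },
    "node_modules/authorizenet": { version: "1.0.10" },
    "node_modules/authorizenet/node_modules/axios": { version: "1.8.2" },
    "node_modules/axios": { version: "1.12.0" },
  },
};

console.log(findVulnerableAxios(sampleLock));
```

Against a real project, pass the parsed contents of package-lock.json to findVulnerableAxios; the "via" field shows which dependency pulls in the affected copy.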