Axios and underscore security update (MINDBREEZE32145)

ID: MINDBREEZE32145 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: High 7.5 
Status: Final 
First published: October 10, 2024 
CVEs: CVE-2021-3749, CVE-2021-23358, CVE-2022-31129, CVE-2020-28168, CVE-2023-45857

Summary

axios Inefficient Regular Expression Complexity vulnerability

Axios vulnerable to Server-Side Request Forgery

Axios Cross-Site Request Forgery Vulnerability

Arbitrary Code Execution in underscore

 

Hotfix Information 

Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire Release 24.6 
  • Mindbreeze InSpire SaaS Release 24.6