The vulnerability is a prototype pollution gadget in Axios. The root cause is in the mergeConfig function, which constructs a configuration object for each request. In vulnerable versions, this object inherited properties from Object.prototype. If an attacker could pollute Object.prototype with a property like transformResponse (via another vulnerability in the application's dependency tree), Axios would treat the inherited property as part of its own configuration.
The primary exploit vector involves polluting Object.prototype.transformResponse with a malicious function. When Axios processes a response, the transformData function executes this malicious function. Because transformData calls the function with the request configuration as its this context, the attacker's code gains access to all request details, including sensitive data like auth credentials and headers. The function can also modify the response data returned to the application.
The patch addresses this by changing mergeConfig to create a null-prototype object (Object.create(null)), which does not inherit from Object.prototype, effectively severing the pollution chain. Additionally, other direct property accesses in functions like assertOptions, resolveConfig, and the httpAdapter were hardened to use hasOwnProperty checks, preventing similar gadgets.