fix: upgrade lerna to 9.0.7 to resolve axios CVE-2026-40175

[Copilot]

• Remove overrides from package.json
• Upgrade lerna from ^7.1.1 to ^9.0.7 in devDependencies
• Update package-lock.json — lerna now pulls in nx@22.6.5 which depends on axios@1.15.0 (patched)
• Verified axios resolves to 1.15.0 in package-lock.json
• Merged main into branch and resolved package-lock.json conflict

Original prompt

---

This section details the Dependabot vulnerability alert you should resolve

<alert_title>Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain</alert_title>
<alert_description># Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Summary

The Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass).

While Axios patches exist for preventing check pollution, the library remains vulnerable to being used as a gadget when pollution occurs elsewhere. This is due to a lack of HTTP Header Sanitization (CWE-113) combined with default SSRF capabilities.

Severity: Critical (CVSS 9.9)
Affected Versions: All versions (v0.x - v1.x)
Vulnerable Component: lib/adapters/http.js (Header Processing)

Usage of "Helper" Vulnerabilities

This vulnerability is unique because it requires Zero Direct User Input.
If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, ini, body-parser), Axios will automatically pick up the polluted properties during its config merge.

Because Axios does not sanitise these merged header values for CRLF (\r\n) characters, the polluted property becomes a Request Smuggling payload.

Proof of Concept

1. The Setup (Simulated Pollution)

Imagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets:

Object.prototype['x-amz-target'] = "dummy\r\n\r\nPUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\nX-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\nGET /ignore";

2. The Gadget Trigger (Safe Code)

The application makes a completely safe, hardcoded request:

// This looks safe to the developer
await axios.get('https://analytics.internal/pings'); 

3. The Execution

Axios merges the prototype property x-amz-target into the request headers. It then writes the header value directly to the socket without validation.

Resulting HTTP traffic:

GET /pings HTTP/1.1
Host: analytics.internal
x-amz-target: dummy

PUT /latest/api/token HTTP/1.1
Host: 169.254.169.254
X-aws-ec2-metadata-token-ttl-seconds: 21600

GET /ignore HTTP/1.1
...

4. The Impact (IMDSv2 Bypass)

The "Smuggled" second request is a valid PUT request to the AWS Metadata Service. It includes the required X-aws-ec2-metadata-token-ttl-seconds header (which a normal SSRF cannot send).
The Metadata Service returns a session token, allowing the attacker to steal IAM credentials and compromise the cloud account.

Impact Analysis

• Security Control Bypass: Defeats AWS IMDSv2 (Session Tokens).
• Authentication Bypass: Can inject headers (Cookie, Authorization) to pivot into internal administrative panels.
• Cache Poisoning: Can inject Host headers to poison shared caches.

Recommended Fix

Validate all header values in lib/adapters/http.js and xhr.js before passing them to the underlying request function.

Patch Suggestion:

// In lib/adapters/http.js
utils.forEach(requestHeaders, function setRequestHeader(val, key) {
  if (/[\r\n]/.test(val)) {
    throw new Error('Security: Header value contains invalid characters');
  }
  // ... proceed to set header
});

References

• OWASP: CRLF Injection (CWE-113)

This report was generated as part of a security audit of the Axios library.</alert_description>

critical
GHSA-fvcv-3m26-pcqx, CVE-2026-40175
axios
npm
<vulnerable_versions>1.4.0</vulnerable_versions>
<patched_version>1.15.0</patched_version>
<manifest_path>package-lock.json</manifest_path>

https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1 https://github.com/axios/axios/releases/tag/v1.15.0 https://nvd.nist.gov/vuln/detail/CVE-2026-40175 https://github.com/axios/axios/pull/10660 https://github.com/axios/axios/pull/10660#issuecomment-4224168081 https://github.com/axios/axios/pull/10688 https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c https://github.com/axios/axios/releases/tag/v0.31.0 https://github.com/advisories/GHSA-fvcv-3m26-pcqx

<task_instructions>Resolve this alert by updating the affected package to a non-vulnerable version. Prefer the lowest non-vulnerable version (see the patched_version field above) over the latest to minimize breaking changes. Include a Reachability Assessment section in the PR description. Review the alert_description field to understand which APIs, fea...

• Resolves mongodb-js/devtools-shared alert chore: import from https://github.com/mongodb-js/devtools-connect COMPASS-7645 #239

[nirinchev]

@copilot rather than overriding the axios version, can we instead upgrade lerna to latest?

[Copilot]

@copilot rather than overriding the axios version, can we instead upgrade lerna to latest?

Done in 0db3990. Upgraded lerna from ^7.1.1 to ^9.0.7 (latest) and removed the overrides entry. Lerna 9 pulls in nx@22.6.5, which depends directly on axios@1.15.0 (the patched version), so the CVE is resolved transitively.

[coveralls]

coverage: 78.312% (-0.02%) from 78.328% — copilot/fix-axios-header-injection-vulnerability into main

[nirinchev]

@copilot merge main into this branch and resolve the conflicts

[Copilot]

@copilot merge main into this branch and resolve the conflicts

Done in 9eb3588. Merged main into the branch — package.json auto-merged cleanly (picking up @babel/core: ^7.29.0 from main alongside our lerna: ^9.0.7), and package-lock.json was regenerated to resolve the conflict. lerna@9.0.7, nx@22.6.5, and axios@1.15.0 all resolve correctly.