Axios prototype-pollution header injection gadget chain

This repository is a self-contained JavaScript PoC environment for CVE-2026-40175, described as an Axios CRLF injection issue in vulnerable Axios versions. It is not a framework module; it is a standalone exploit lab built around Node.js, Docker, nginx, and a mock AWS IMDSv2 service. Structure and purpose: - README.md explains the vulnerability, attack chain, prerequisites, and test scenarios. - docker-compose.yml plus Dockerfile.backend and Dockerfile.imds build a multi-container lab with three services: backend, nginx, and a mock IMDS service. - poc/backend-server.js provides a backend HTTP server on port 3001 that logs requests and exposes /last-request, plus a static server on port 3003 for the browser PoC. - poc/nginx-container.conf configures nginx as an intentionally unsafe open proxy using proxy_pass http://$http_host with resolver 127.0.0.11 and ignore_invalid_headers on, which is central to the SSRF demonstration. - poc/mock-imds.js simulates AWS IMDSv2, including token issuance and fake credential retrieval. - poc/test-axios-adapter-backend.js and poc/test-axios-adapter-nginx.js are Node-based PoCs that use a custom rawSocketAdapter built on net.Socket to bypass normal Node HTTP header validation and send raw HTTP containing CRLF-injected headers. - poc/test-axios-no-adapter.js demonstrates that standard Axios/Node behavior blocks the attack path without the custom adapter. - poc/test-prototype-pollution.js demonstrates a full chain: vulnerable recursive merge -> Object.prototype pollution -> inherited headers -> Axios header serialization -> raw socket transmission -> nginx routing -> SSRF to IMDS. - poc/exploit.html is a browser-facing demonstration comparing standard XHR behavior versus a custom adapter/relay concept; it loads axios 1.14.0 from jsDelivr and is intended to visualize success/failure paths. Main exploit capabilities: 1. CRLF header injection into Axios-managed headers. 2. Construction of raw HTTP requests that preserve embedded CRLF sequences. 3. HTTP request smuggling by appending a second request after the injected header block. 4. SSRF through nginx by controlling the Host header used in proxy_pass http://$http_host. 5. Access to internal metadata-style endpoints, specifically a mock IMDSv2 token endpoint and credential endpoint. 6. Demonstration of prototype pollution as an upstream primitive for injecting malicious headers into Axios configuration. Notable observations: - The exploit is operational rather than merely theoretical because it includes working code for raw socket transmission and a complete lab environment. - The repository is educational and intentionally uses a mock IMDS service with fake credentials rather than real cloud targets. - package.json references scripts for poc/vulnerable-app.js and poc/exploit.js, but those files are not present in the provided file list; the actual usable entry points are the test scripts under poc/. - The browser PoC references a relay on port 3004 in the README/UI, but the shown backend-server.js only implements ports 3001 and 3003; relay functionality may be incomplete or omitted from the provided content.