F-2025-0022·configuration

Missing HTTP request timeouts in axios clients on SKIP APIs

Fixedtypescriptwidgetrouter-api

TL;DR

Axios clients calling the SKIP APIs did not set HTTP request timeouts, allowing slow or hung upstream responses to block widget operations indefinitely.

Severity

LOW

Impact

LOW

Likelihood

MEDIUM

Method

MManual review

CAT.

Complexity

LOW

Exploitability

LOW

02Section · Description

Description

The axios clients used to call the SKIP APIs did not configure HTTP request timeouts. A slow or unresponsive upstream could block calls indefinitely, freezing the widget's flows.

03Section · Recommendation

Recommendation

Set a sensible request timeout on every axios client (e.g., 10-30s depending on operation). Surface timeout errors as actionable user-visible failures.

Initia: Resolved. Pashov Audit Group: Resolved.

Status

Fixed

Fix commit

de9d3602dc1a

Fix date

2025-06-23