Vulnerability	Vulnerable Version
M Cache Poisoning axios-cache-interceptor is a Cache interceptor for axios Affected versions of this package are vulnerable to Cache Poisoning by ignoring the `Vary` HTTP header. An attacker can access unauthorized cached responses to obtain sensitive user data by sending requests with multiple different authorization tokens, as the cache does not differentiate based on the `Authorization` header when an upstream service uses the `Vary: Authorization` response header. Note: This is only exploitable if the application is server-side, handles requests from multiple users with different authorization tokens, and the upstream service relies on the `Vary` header to differentiate cache entries. How to fix Cache Poisoning? Upgrade `axios-cache-interceptor` to version 1.11.1 or higher.	<1.11.1

Cache Poisoning

axios-cache-interceptor is a Cache interceptor for axios

Affected versions of this package are vulnerable to Cache Poisoning by ignoring the Vary HTTP header. An attacker can access unauthorized cached responses to obtain sensitive user data by sending requests with multiple different authorization tokens, as the cache does not differentiate based on the Authorization header when an upstream service uses the Vary: Authorization response header.

Note: This is only exploitable if the application is server-side, handles requests from multiple users with different authorization tokens, and the upstream service relies on the Vary header to differentiate cache entries.

How to fix Cache Poisoning?

Upgrade axios-cache-interceptor to version 1.11.1 or higher.

<1.11.1

Go back to all versions of this package