11 matches found
Authorization Bypass
Axios Cache Interceptor is vulnerable to an Authorization Bypass. The vulnerability is due to improper cache key generation, where cached responses are keyed only by URL and ignore the Authorization header and Vary: Authorization, causing responses generated for one user’s auth token to be reused...
@0xecho/button (>=0.0.1 <=0.0.17), @anguyenguy/frontend-platform (>=1.0.1 <=1.0.2) +68 more potentially affected by CVE-2025-69202 via axios-cache-interceptor (>=0.10.7 <=1.0.0)
axios-cache-interceptor NPM version =0.10.7, =0.0.1, =1.0.1, =0.4.0, =0.0.1, =5.0.2-alpha.1-nelp.1, =0.1.0-testing, =3.3.0-alpha.1, =1.1.0, =1.0.0, =1.0.0-semantically-released, =11.7.0, =4.8.1, =5.5.0 and more Source cves: CVE-2025-69202 Source advisory: OSV:GHSA-X4M5-4CW8-VC44...
GHSA-X4M5-4CW8-VC44 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Summary: When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details: The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...
axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Summary: When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details: The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...
@tutkli/jikan-ts (>=0.6.1 <=0.6.3) potentially affected by CVE-2025-69202 via axios-cache-interceptor (=1.0.0)
axios-cache-interceptor NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios-cache-interceptor and may be impacted: - @tutkli/jikan-ts =0.6.1, =0.6.3 Source cves: CVE-2025-69202 Source advisory: SNYK:JS-AXIOSCACHEINTERCEPTOR-1472426...
Cache Poisoning
Overview: axios-cache-interceptor is a cache interceptor for axios. Affected versions of this package are vulnerable to Cache Poisoning by ignoring the Vary HTTP header. An attacker can access unauthorized cached responses to obtain sensitive user data by sending requests with multiple different...
CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...
CVE-2025-69202
The CVE describes a cache poisoning vulnerability in axios-cache-interceptor prior to v1.11.1: the cache key is generated from the URL only, ignoring request headers like Authorization. When upstream responses include Vary: Authorization, this leads to identical cached responses being served for ...
CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...
Axios Cache Interceptor Security Vulnerability
Axios Cache Interceptor is a cache interceptor by the individual developer Arthur Fiorette. A security vulnerability exists in Axios Cache Interceptor versions prior to 1.11.1, which stems from cache key generation ignoring the authorization header, which could lead to authorization bypass...
PT-2025-53783
Name of the Vulnerable Software and Affected Versions: Axios Cache Interceptor versions prior to 1.11.1. Description: Axios Cache Interceptor, a cache interceptor for axios, improperly handles responses with the Vary: Authorization header. Prior to version 1.11.1, the cache key was generated solely...