Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago4 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/17 6:21 p.m.10 views

Use of Cache Containing Sensitive Information

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting whitespace-padded...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.13 views

CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS0.00374EPSS
Exploits0References2
Rows per page
Query Builder