GHSA-X4M5-4CW8-VC44 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Summary When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...