Lucene search
K

4 matches found

Veracode
Veracode
added 2026/06/25 10:43 a.m.9 views

Cache Bypass

Undici is vulnerable to Cache Bypass. The vulnerability is due to Undici's cache interceptor incorrectly classifying some responses as cacheable, where the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names, and attackers can exploit this by serving a...

5.9CVSS7.1AI score0.00374EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/17 11:25 p.m.11 views

CVE-2026-9678

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS4.8AI score0.00374EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Use of Cache Containing Sensitive Information

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.13 views

CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS0.00374EPSS
Exploits0References2
Rows per page
Query Builder