4 matches found
Cache Bypass
Undici is vulnerable to Cache Bypass. The vulnerability is due to Undici's cache interceptor incorrectly classifying some responses as cacheable, where the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names, and attackers can exploit this by serving a...
CVE-2026-9678
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...
Use of Cache Containing Sensitive Information
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...
CVE-2026-9678
Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...