2 matches found
Cache Bypass
Undici is vulnerable to Cache Bypass. The vulnerability is due to Undici's cache interceptor incorrectly classifying some responses as cacheable, where the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names, and attackers can exploit this by serving a...
CVE-2026-9678
Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...