VYPR

CWE-524

Use of Cache Containing Sensitive Information

Base | Incomplete

Description

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-204

CVEs mapped to this weakness (29)

page 2 of 2
  • CVE-2026-24472 (Jan 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard…

  • CVE-2025-69202 (Dec 29, 2025)
    risk 0.00 | cvss | epss 0.00

    Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only…

  • CVE-2025-64762 (Nov 21, 2025)
    risk 0.00 | cvss | epss 0.00

    The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN…

  • CVE-2025-57752 (Aug 29, 2025)
    risk 0.00 | cvss | epss 0.00

    Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such…

  • CVE-2024-49580 (Oct 17, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains Ktor before 2.3.13, improper caching in the HttpCache Plugin could lead to response information disclosure.

  • CVE-2024-45596 (Sep 10, 2024)
    risk 0.00 | cvss | epss 0.01

    Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that…

  • CVE-2024-27917 (Mar 6, 2024)
    risk 0.00 | cvss | epss 0.01

    Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which…

  • CVE-2022-3292 (Sep 28, 2022)
    risk 0.00 | cvss | epss 0.00

    Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2019-11244 (Apr 22, 2019)
    risk 0.00 | cvss | epss 0.00

    In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to…