Andrewmohawk

**Name of the Vulnerable Software and Affected Versions** undici versions prior to 7.28.0 undici versions prior to 8.5.0 **Description** The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or no-cache field names, such as `private=" authorization"` or `no-cache="tauthorization"`. Because the parser preserves this surrounding whitespace, comparisons against the literal `authorization` field name fail, causing the response to be stored. In shared-cache mode, this can lead to cross-user information disclosure, where a response containing one user's authenticated data is served from the cache to a subsequent caller, including unauthenticated users, if both requests share the same cache key. **Recommendations** Upgrade to version 7.28.0. Upgrade to version 8.5.0. Disable shared-cache mode for traffic that includes Authorization headers. Avoid caching responses to authenticated requests. Add `Vary: Authorization` upstream.

**Name of the Vulnerable Software and Affected Versions** nghttp2 versions prior to 1.68.1 **Description** nghttp2 is a C implementation of the Hypertext Transfer Protocol version 2. Versions of nghttp2 prior to 1.68.1 are susceptible to a denial-of-service condition. This occurs because the library does not properly validate its internal state after the `nghttp2 session terminate session` or `nghttp2 session terminate session2` APIs are called. Consequently, the library continues to process incoming data, and a malformed frame can trigger an assertion failure, leading to a crash. The issue is triggered by receiving a frame that causes a FRAME SIZE ERROR. **Recommendations** Update to nghttp2 version 1.68.1 or later.

**Name of the Vulnerable Software and Affected Versions** @web3-react versions prior to the updated npm artifacts **Description** The `chainId` may be outdated if the user changes chains as part of the connection flow, causing the value of `chainId` returned by `useWeb3React()` to be incorrect. This can lead to incorrect data derived from `chainId`, such as a wrapped token contract address in a swapping application, potentially causing users to send funds to the incorrect address. **Recommendations** For @web3-react versions prior to the updated npm artifacts, upgrade to at least: - @web3-react/coinbase-wallet@^8.0.35-beta.0 - @web3-react/eip1193@^8.0.27-beta.0 - @web3-react/metamask@^8.0.30-beta.0 - @web3-react/walletconnect@^8.0.37-beta.0 As a temporary workaround, consider verifying the `chainId` value before deriving any critical data from it.