Unknown · Axios-Cache-Interceptor · CVE-2025-69202
**Name of the Vulnerable Software and Affected Versions**
Axios Cache Interceptor versions prior to 1.11.1
**Description**
Axios Cache Interceptor, a cache interceptor for axios, improperly handles responses that carry a `Vary: Authorization` header. Prior to version 1.11.1, the cache key was generated solely from the request URL, disregarding request headers such as `Authorization`. When a server-side application made requests to an upstream service on behalf of different users, each with their own authentication token, a response cached for one user was returned to another, which is a potential authorization bypass.

Affected deployments are server-side applications that use axios-cache-interceptor to cache requests to upstream services, handle requests from multiple users with differing authentication tokens, and rely on the `Vary` header for cache differentiation. Browser or client-side applications, where each session is tied to a single user, are not affected.

The root cause is that the library ignored the `Vary` header entirely, so all requests to the same URL shared one cache entry irrespective of authorization. This can leak one user's data into another authenticated session. From version 1.11.1 onward, `Vary` header support is enabled by default, and the `Authorization` header value becomes part of the cache key.
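To make the cache-key defect concrete, the following is an added illustration (not axios-cache-interceptor's own code): a minimal response cache that is keyed by URL only, as the advisory describes for versions before 1.11.1, or by URL plus the request header values named in the response's `Vary` header, as in the fixed behaviour. The upstream service, URL and bearer tokens are constructed for the example.

```javascript
// Added example, not axios-cache-interceptor's own code. The cache is keyed
// by URL only (pre-1.11.1 behaviour) or by URL plus the request headers named
// in a previously stored Vary header (1.11.1+ behaviour).
function createCache({ honorVary }) {
  const entries = new Map();   // cache key -> response body
  const varyByUrl = new Map(); // url -> lower-cased header names from Vary

  function keyFor(url, reqHeaders) {
    const vary = honorVary ? varyByUrl.get(url) || [] : [];
    // Header names compare case-insensitively; a missing header keys as ''.
    const lower = Object.fromEntries(
      Object.entries(reqHeaders).map(([k, v]) => [k.toLowerCase(), v]));
    return [url, ...vary.map((h) => `${h}=${lower[h] ?? ''}`)].join('\n');
  }

  return {
    lookup: (url, reqHeaders) => entries.get(keyFor(url, reqHeaders)),
    store(url, reqHeaders, response) {
      const vary = (response.headers.vary || '')
        .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
      if (honorVary && vary.length) varyByUrl.set(url, vary);
      entries.set(keyFor(url, reqHeaders), response.body);
    },
  };
}

// Constructed upstream: answers /me with the profile belonging to the bearer
// token and declares that the response varies on Authorization.
function upstream(url, reqHeaders) {
  const user = (reqHeaders.Authorization || '').replace('Bearer ', '').split('-')[0];
  return { headers: { vary: 'Authorization' }, body: { user } };
}

function fetchWithCache(cache, url, reqHeaders) {
  const hit = cache.lookup(url, reqHeaders);
  if (hit !== undefined) return { body: hit, fromCache: true };
  const resp = upstream(url, reqHeaders);
  cache.store(url, reqHeaders, resp);
  return { body: resp.body, fromCache: false };
}

// Two users share one server-side cache for the same upstream URL.
function demo(honorVary) {
  const cache = createCache({ honorVary });
  const alice = fetchWithCache(cache, '/me', { Authorization: 'Bearer alice-token' });
  const bob = fetchWithCache(cache, '/me', { Authorization: 'Bearer bob-token' });
  return { aliceSaw: alice.body.user, bobSaw: bob.body.user, bobFromCache: bob.fromCache };
}
```

With `honorVary: false`, Bob's request is answered from Alice's cached entry; with `honorVary: true`, the two tokens map to separate entries. The `Vary: *` case (never cacheable) is omitted to keep the example short.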
**Recommendations**
Upgrade to version 1.11.1 or later, where `Vary` header support is enabled by default and the `Authorization` header value is included in the cache key.