
Trygve_Lie

#36916 of 53,630
7.5 Total CVSS
Vulnerabilities · 1
PT-2020-19776
7.5
2020-11-08
Unknown · Find-My-Way · CVE-2020-7764
**Name of the Vulnerable Software and Affected Versions**

find-my-way versions prior to 2.2.5

find-my-way versions 3.0.0 through 3.0.5

**Description**

The issue affects the package find-my-way, which accepts the `Accept-Version` header by default. If versioned routes are not being used, this could lead to a denial of service. The `Accept-Version` header can be used as an unkeyed header in a cache poisoning attack.

**Recommendations**

For versions prior to 2.2.5, update to version 2.2.5 or later.

For versions 3.0.0 through 3.0.5, update to version 3.0.5 or later.

As a temporary workaround, consider disabling the use of the `Accept-Version` header until a patch is available.

Restrict access to the cache to minimize the risk of cache poisoning attacks.