PT-2019-20003 · Arenanet · Gw2Webapiclient

Published 2019-06-18 · Updated 2019-06-18

Severity: none assigned. No severity ratings or metrics are available; when they are, the corresponding info on this page will be updated.
Name of the Vulnerable Software and Affected Versions: Gw2WebApiClient versions prior to 0.3.1

Description: Sharing one MemoryCacheMethod object across multiple Gw2WebApiClient instances that use different access tokens for authenticated endpoints can leak cached authenticated responses. A response cached for a request to an authenticated endpoint made with one access token is returned to a later request to the same endpoint made with a different access token, so the second and later callers may receive data belonging to the first token's account. In practice the impact is limited: the cache only stores responses that carry an Expires header, and the Guild Wars 2 API does not send that header on most authenticated endpoints, so most authenticated responses are never cached in the first place.

Recommendations: For versions prior to 0.3.1, use a separate MemoryCacheMethod instance per Gw2WebApiClient, so that clients with different access tokens never share cache entries. Update to version 0.3.1 or later, where the bug is fixed by prepending the SHA-1 hash of the access token to the cache id for authenticated endpoints, which partitions cached responses per token.
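The following is an added model of the bug and of the two mitigations above; it is not Gw2WebApiClient's own code (that library is written in C#). The MemoryCache, FakeApi and Client classes, the token strings and the account names are all constructed for the example. MemoryCache mirrors the behaviour the advisory describes (entries are stored only when the response carries an Expires header); Client.cache_id switches between the pre-0.3.1 key (the endpoint alone) and the 0.3.1 fix (SHA-1 of the token prepended to the key).

```python
"""Model of the Gw2WebApiClient cache-key bug (GHSA-4vr3-9v7h-5f8v): a shared
MemoryCacheMethod keyed only by the request leaks one token's authenticated
response to another token. Constructed example; not the library's code."""
import hashlib
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is deterministic.
NOW = datetime(2019, 6, 18, 12, 0, tzinfo=timezone.utc)


class MemoryCache:
    """Minimal expiring cache standing in for MemoryCacheMethod (assumption:
    entries are stored only when the response has an Expires header, as the
    advisory describes, and are looked up by a string cache id)."""

    def __init__(self):
        self._store = {}  # cache id -> (expires, body)

    def get(self, cache_id, now):
        entry = self._store.get(cache_id)
        if entry is None or now >= entry[0]:
            self._store.pop(cache_id, None)
            return None
        return entry[1]

    def put(self, cache_id, expires, body):
        self._store[cache_id] = (expires, body)


class FakeApi:
    """Constructed stand-in for the Guild Wars 2 API: the /v2/account answer
    depends on which access token is presented."""

    def __init__(self, accounts, send_expires):
        self.accounts = accounts          # token -> account name (constructed)
        self.send_expires = send_expires  # the real API omits Expires on most authenticated endpoints
        self.calls = 0

    def fetch(self, endpoint, token):
        self.calls += 1
        if token not in self.accounts:
            raise PermissionError("invalid access token")
        headers = {}
        if self.send_expires:
            headers["Expires"] = NOW + timedelta(minutes=5)
        return headers, {"endpoint": endpoint, "name": self.accounts[token]}


class Client:
    """Minimal authenticated client. partition_by_token=False reproduces
    versions before 0.3.1; True models the 0.3.1 fix."""

    def __init__(self, token, cache, api, partition_by_token):
        self.token = token
        self.cache = cache
        self.api = api
        self.partition_by_token = partition_by_token

    def cache_id(self, endpoint):
        if not self.partition_by_token:
            return endpoint  # pre-0.3.1: the key ignores which token made the request
        # 0.3.1 fix: prefix the key with the SHA-1 of the access token
        prefix = hashlib.sha1(self.token.encode()).hexdigest()
        return f"{prefix}:{endpoint}"

    def get(self, endpoint):
        cid = self.cache_id(endpoint)
        cached = self.cache.get(cid, NOW)
        if cached is not None:
            return cached
        headers, body = self.api.fetch(endpoint, self.token)
        if "Expires" in headers:  # only cacheable responses are stored
            self.cache.put(cid, headers["Expires"], body)
        return body


def run(shared_cache, partition_by_token, send_expires):
    """Two clients with different tokens request /v2/account in turn; return
    the account name each one sees. The second request is the one that may be
    served the response cached for the first token."""
    api = FakeApi({"token-alice": "Alice.1234", "token-bob": "Bob.5678"}, send_expires)
    cache_a = MemoryCache()
    cache_b = cache_a if shared_cache else MemoryCache()  # per-client cache mitigation
    alice = Client("token-alice", cache_a, api, partition_by_token)
    bob = Client("token-bob", cache_b, api, partition_by_token)
    return alice.get("/v2/account")["name"], bob.get("/v2/account")["name"]


if __name__ == "__main__":
    print("vulnerable, shared cache, Expires set:", run(True, False, True))
    print("vulnerable, but no Expires header:    ", run(True, False, False))
    print("separate cache per client:            ", run(False, False, True))
    print("0.3.1 fix, shared cache:              ", run(True, True, True))
```

Only the first configuration leaks: Bob's client is handed Alice's cached account record. Dropping the Expires header (what the real API does on most authenticated endpoints) avoids the leak only because nothing is cached, which is why the advisory calls the impact limited rather than absent; a separate cache per client or the 0.3.1 key prefix removes it regardless of the header.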

Related Identifiers

GHSA-4VR3-9V7H-5F8V

Affected Products

Gw2Webapiclient