This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| http-cache-semantics_project | http-cache-semantics | * |