CVE-2024-1554

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-345
View all →

Vulnerability Description

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.

Related Vulnerabilities

CVE-2013-2167

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CWE-3452013

CVE-2015-3956

CRITICAL
CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pum...

CWE-3452015

CVE-2016-1000004

CRITICAL
CVSS:9.8(Critical)

Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0...

CWE-3452016

CVE-2017-3198

CRITICAL
CVSS:9.8(Critical)

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary mo...

CWE-3452017

CVE-2018-19971

CRITICAL
CVSS:9.8(Critical)

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

CWE-3452018

CVE-2019-11235

CRITICAL
CVSS:9.8(Critical)

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection ...

CWE-3452019