CVE-2025-69202: Improper Header Dictionary Access

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2025-69202-improper-header-dictionary-access --engine opengrep

Description

Direct property access or assignment to HTTP headers bypasses case-insensitivity mechanisms provided by structures like `AxiosHeaders` or `Fetch Headers`. This can cause critical headers (like 'Authorization' or 'Cache-Control') to be incorrectly extracted or overwritten, potentially leading to cache poisoning, authorization bypasses, or data leaks. Use `.ge
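
The failure mode described above, shown side by side with case-insensitive access through the standard Fetch `Headers` API. This is an added example, not code from the rule or from the affected project; the function names and the sample header values are constructed for illustration, and it assumes a runtime with a global `Headers` (browsers, Node.js 18+).

```javascript
// Added illustration. All header values below are constructed samples.

// Flagged pattern: the header collection is treated as a plain dictionary.
function readAuthDirect(headers) {
  return headers['Authorization']; // misses 'authorization', 'AUTHORIZATION', ...
}
function setNoStoreDirect(headers) {
  headers['Cache-Control'] = 'no-store'; // adds a second key if 'cache-control' exists
  return headers;
}

// Hardened pattern: go through the case-insensitive Headers API.
function readAuth(headers) {
  return new Headers(headers).get('Authorization');
}
function setNoStore(headers) {
  const h = new Headers(headers);
  h.set('Cache-Control', 'no-store'); // replaces the value regardless of casing
  return h;
}

// Defensive check: header names that collide once case is ignored.
function findCaseCollisions(headers) {
  const seen = new Map();
  for (const name of Object.keys(headers)) {
    const key = name.toLowerCase();
    seen.set(key, (seen.get(key) || 0) + 1);
  }
  return [...seen].filter(([, count]) => count > 1).map(([key]) => key);
}

// Constructed input: names arrive in lower case, as many clients and proxies send them.
const incoming = {
  authorization: 'Bearer sample-token',
  'cache-control': 'public, max-age=3600',
};

console.log('direct read :', readAuthDirect(incoming));
console.log('Headers.get :', readAuth(incoming));
const mutated = setNoStoreDirect({ ...incoming });
console.log('direct write:', Object.keys(mutated), findCaseCollisions(mutated));
console.log('Headers.set :', setNoStore(incoming).get('cache-control'));
```
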