better-call@1.0.10 vulnerabilities

Better call is a tiny web framework for creating endpoints that can be invoked as a normal function or mounted to a router to be served by any web standard compatible server (like Bun, node, nextjs, sveltekit...) and also includes a typed RPC client for t

  • latest version

    1.0.16

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    11 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the better-call package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability    Vulnerable Version
    • H
    Use of Web Browser Cache Containing Sensitive Information

    better-call is a tiny web framework for creating endpoints that can be invoked as a normal function or mounted to a router to be served by any web standard compatible server (like Bun, node, nextjs, sveltekit...) and also includes a typed RPC client for t

    Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via insufficient path sanitization in the request processing logic. An attacker can access sensitive user session data by crafting requests that mimic static asset paths, causing a CDN to cache and serve sensitive responses to unauthorized users.

    How to fix Use of Web Browser Cache Containing Sensitive Information?

    Upgrade better-call to version 1.0.12 or higher.

    <1.0.12