Description
When a CDN caches requests by path pattern (/**/*.png, /**/*.json, /**/*.css, etc.), a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users.
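The check below is an added example, not code from better-call or from this advisory. It audits request/response pairs against the cache patterns named above and flags credential-dependent responses that a CDN would store. The routes, header values and function names are constructed, and it assumes the CDN honours `Cache-Control: private` / `no-store` from the origin.

```javascript
// Added example: audit whether a response would be stored by a CDN that caches by path pattern.
// Not better-call code; all names and sample paths below are constructed for illustration.
const CDN_CACHE_PATTERNS = ['/**/*.png', '/**/*.json', '/**/*.css']; // rules quoted in the advisory

// Translate a glob into an anchored RegExp: "/**/" spans any number of
// directories, "*" stays inside one path segment.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = escaped.replace(/\/\*\*\/|\*\*|\*/g, (m) =>
    m === '/**/' ? '/(?:.*/)?' : m === '**' ? '.*' : '[^/]*');
  return new RegExp(`^${body}$`);
}

const CDN_RULES = CDN_CACHE_PATTERNS.map(globToRegExp);

// CDNs key on the URL path, so drop the query string before matching.
function matchesCdnRule(url) {
  const path = url.split('?')[0];
  return CDN_RULES.some((re) => re.test(path));
}

// Assumption: the CDN honours these origin directives and does not override them.
function forbidsSharedCaching(cacheControl = '') {
  return /\b(no-store|private)\b/i.test(cacheControl);
}

// Flag responses that depend on the caller's credentials yet are cacheable
// under a CDN path rule. Header names are expected in lower case.
function auditExchange({ url, requestHeaders = {}, responseHeaders = {} }) {
  const userSpecific = Boolean(
    requestHeaders.cookie || requestHeaders.authorization || responseHeaders['set-cookie']);
  const cacheable = matchesCdnRule(url) &&
    !forbidsSharedCaching(responseHeaders['cache-control']);
  return { url, cacheable, userSpecific, atRisk: cacheable && userSpecific };
}

// Constructed exchanges (hypothetical routes), as an origin access log might record them.
const SAMPLES = [
  { url: '/assets/logo.png', responseHeaders: { 'cache-control': 'public, max-age=3600' } },
  { url: '/api/session/x.css', requestHeaders: { cookie: 'sid=abc' },
    responseHeaders: { 'content-type': 'application/json' } },
  { url: '/api/session/x.css', requestHeaders: { cookie: 'sid=abc' },
    responseHeaders: { 'cache-control': 'private, no-store' } },
  { url: '/api/session', requestHeaders: { cookie: 'sid=abc' }, responseHeaders: {} },
];

for (const s of SAMPLES) console.log(auditExchange(s));
```

Only the second sample is flagged: it carries a session cookie, matches a cache rule, and sends no directive that keeps it out of a shared cache.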
Recommendation
Update the better-call package to the latest compatible version. The version details are as follows:
- Affected version(s): < 1.0.12
- Patched version(s): 1.0.12
References
Related Issues
- Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) - CVE-2020-8203
- QMarkdown Cross-Site Scripting (XSS) vulnerability - CVE-2025-43954
- MathLive's Lack of Escaping of HTML allows for XSS - CVE-2025-29049
- Atro CSRF Middleware Bypass (security.checkOrigin) - CVE-2024-56140
Tags: npm, better-call
Last updated on July 11, 2025