Description
Using a CDN that caches (/**/*.png, /**/*.json, /**/*.css, etc…) requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users.
Recommendation
Update the better-call package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.12
- Patched version(s): 1.0.12
References
Related Issues
- ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability - CVE-2024-39309
- Happy DOM: VM Context Escape can lead to Remote Code Execution - CVE-2025-61927
- URL parsing in node-forge could lead to undesired behavior. - Vulnerability
- LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader - CVE-2026-27795
You might also like:
- Tags:
- npm
- better-call
Anything's wrong? Let us know Last updated on July 11, 2025


