Description
When a CDN is configured to cache requests by path pattern (/**/*.png, /**/*.json, /**/*.css, etc.), a web cache deception vulnerability can arise. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users.
Recommendation
Update the better-call package to the latest compatible version. Version details are as follows:
- Affected version(s): < 1.0.12
- Patched version(s): 1.0.12
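An added example, not code from better-call or from this advisory: a Node.js audit for the condition in the description, flagging user-specific responses that an extension-based CDN rule would store. The extension list, the sample records and all function names are assumptions constructed for illustration.

```javascript
// Extensions the CDN is assumed to cache, mirroring the /**/*.png, /**/*.json,
// /**/*.css patterns from the description (adjust to your CDN's real rules).
const CACHED_EXTENSIONS = [".png", ".json", ".css"];

// True when an extension-based CDN rule would treat this URL path as static.
function matchesCdnCacheRule(rawPath) {
  const path = rawPath.split("?")[0].split("#")[0].toLowerCase();
  const lastSegment = path.slice(path.lastIndexOf("/") + 1);
  return CACHED_EXTENSIONS.some((ext) => lastSegment.endsWith(ext));
}

// True when Cache-Control tells shared caches (the CDN) not to store the response.
// Header names are assumed to be lower-cased, as Node's http module delivers them.
function forbidsSharedCaching(headers) {
  const value = String(headers["cache-control"] || "").toLowerCase();
  const directives = value.split(",").map((d) => d.trim().split("=")[0]);
  return directives.includes("no-store") || directives.includes("private");
}

// Returns a finding when a user-specific response is storable under the CDN rule.
function auditResponse({ path, authenticated, headers }) {
  if (!matchesCdnCacheRule(path)) return [];
  const userSpecific = authenticated || headers["set-cookie"] !== undefined;
  if (userSpecific && !forbidsSharedCaching(headers)) {
    return [`${path}: user-specific response is cacheable by extension rule`];
  }
  return [];
}

function auditAll(records) {
  return records.flatMap(auditResponse);
}

// Constructed sample observations (for instance from origin logs), not real traffic.
const samples = [
  { path: "/assets/logo.png", authenticated: false, headers: { "cache-control": "public, max-age=86400" } },
  { path: "/api/account/profile.json", authenticated: true, headers: { "content-type": "application/json" } },
  { path: "/api/account/theme.css", authenticated: true, headers: { "cache-control": "private, no-store" } },
  { path: "/api/account", authenticated: true, headers: {} },
];

console.log(auditAll(samples));
```

Any finding means the origin should send `Cache-Control: private, no-store` on that response, or the CDN rule should be narrowed to real static asset paths, in addition to upgrading the package.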
References
Related Issues
- URL parsing in node-forge could lead to undesired behavior. - Vulnerability
- Cache Poisoning Vulnerability - CVE-2024-29042
- ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability - CVE-2024-39309
- Passing in a non-string 'html' argument can lead to unsanitized output - CVE-2021-32696
- Tags:
- npm
- better-call
Last updated on July 11, 2025