Sensitive information sent insecurely In @sveltejs/kit
Description
@sveltejs/kit: query.batch cross-talk
query.batch() could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
npm | 2.60.1 |
Aliases
1. 2.
References
1.