logo

Database

Sensitive information sent insecurely In @sveltejs/kit

Description

@sveltejs/kit: query.batch cross-talk query.batch() could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GHSA-hgv7-v322-mmgr2. GCVE-GHSA-hgv7-v322-mmgr

References

1. https://github.com/sveltejs/kit/security/advisories/GHSA-hgv7-v322-mmgr

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-LRU4O – Vulnerability | Fluid Attacks Database