A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for deployment. The issue stems from the Vercel adapter in SvelteKit, where the __pathname query parameter overrides the request path without any checks. […] The post Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/cache-deception-sveltekit-vercel-data/
