A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for deployment. The issue stems from the Vercel adapter in SvelteKit, where the __pathname query parameter overrides the request path without any checks. […]
The post Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: