This repository was archived by the owner on Oct 22, 2025. It is now read-only.

Description
While working on the rivetkit project, I discovered a cache deception vulnerability in the better-call npm package (this dependency is used by rivetkit). The issue stems from insufficient path sanitization, which allows attackers to craft deceptive requests that can bypass CDN rules and expose sensitive user data.
CVE Link
CVE Report