2 matches found
GHSA-HGV7-V322-MMGR @sveltejs/kit: `query.batch` cross-talk
query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...
PT-2026-42177
Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...