GHSA-M9G3-3G99-MHPX eventsource-encoder vulnerable to SSE event injection via unsanitized `event` and `id` fields
Summary eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators \n, \r, or \r\n and thereby forge additional SSE fields or entire messages on the...