5 matches found
EUVD-2025-203845
Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits...
GHSA-X732-6J76-QMHM Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits
Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...
@alstar/studio (=0.0.0-beta.20), @andersondacampo/volt-core (=0.3.0) +163 more potentially affected by unknown CVE via rou3 (>=0.1.0 <=0.6.3)
rou3 NPM version =0.1.0, =1.2.6-beta.6, =1.0.24, =0.0.1, =1.3.24, =0.8.2, =1.4.0, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: SNYK:JS-ROU3-14459107...
Path Equivalence
Overview rou3 is a Lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...
Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits
Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...