better-ccflare is vulnerable to Insertion of Sensitive Information Into Sent Data
45
Medium Risk
Affected versions of this package are vulnerable to Authorization Header Credential Leakage due to insufficient sanitization of client Authorization headers, which could allow attackers to intercept leaked credentials from upstream providers. This security flaw involves improper management of authentication headers across all provider types, including OAuth, API key, Anthropic-compatible, and OpenAI-compatible providers. An attacker exploiting this vulnerability could gain unauthorized access to client credentials by monitoring or manipulating requests to upstream providers, potentially leading to account takeover or further malicious activities.
You are affected if you are using a version that falls within the vulnerable range.
better-ccflare is vulnerable to Insertion of Sensitive Information Into Sent Data in versions 1.2.28 - 3.0.0.
Upgrade the better-ccflare library to the patched version.
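
To show the class of bug described above, the following added example (not better-ccflare's code and not its actual fix) contrasts a proxy that forwards client headers unchanged with one that strips client credentials before attaching its own, and includes a leak check usable as a regression test. The provider object shape, the function names, and the header each provider type uses are assumptions made for illustration.

```javascript
// Added illustration; provider shape, names and header choices are hypothetical.
// Headers that can carry the client's own credentials; never forwarded upstream.
const CLIENT_CREDENTIAL_HEADERS = [
  "authorization", "proxy-authorization", "x-api-key", "api-key", "cookie",
];

// Weak pattern: copy every client header, then add the proxy's key.
// The client's Authorization header travels to the upstream provider.
function naiveUpstreamHeaders(clientHeaders, provider) {
  const out = new Headers(clientHeaders);
  out.set("x-api-key", provider.apiKey);
  return out;
}

// Hardened pattern: drop all client credential headers first, then attach
// only the credential the proxy holds for the selected provider type.
function buildUpstreamHeaders(clientHeaders, provider) {
  const out = new Headers(clientHeaders);
  for (const name of CLIENT_CREDENTIAL_HEADERS) out.delete(name);
  switch (provider.type) {
    case "oauth":
      out.set("authorization", `Bearer ${provider.accessToken}`);
      break;
    case "openai-compatible":
      out.set("authorization", `Bearer ${provider.apiKey}`);
      break;
    case "api-key":
    case "anthropic-compatible":
      out.set("x-api-key", provider.apiKey);
      break;
    default:
      // Fail closed: an unknown provider type gets no request at all.
      throw new Error(`unknown provider type: ${provider.type}`);
  }
  return out;
}

// Regression check: names of upstream headers that still contain a value
// the client sent in one of its credential headers.
function leakedClientCredentials(clientHeaders, upstreamHeaders) {
  const client = new Headers(clientHeaders);
  const secrets = CLIENT_CREDENTIAL_HEADERS
    .map((name) => client.get(name))
    .filter(Boolean);
  const leaked = [];
  for (const [name, value] of upstreamHeaders) {
    if (secrets.some((s) => value.includes(s))) leaked.push(name);
  }
  return leaked;
}
```
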