AIKIDO-2025-10971

github.com/basecamp/thruster is vulnerable to BREACH Attacks

BREACH Attacks Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Dec 23, 2025

41

Medium Risk

This Affects:

Go: github.com/basecamp/thruster
0.1.0 - 0.1.16
Fixed in 0.1.17

TL;DR

Versions of this package released before BREACH mitigations were implemented are vulnerable to compression side-channel attacks. An attacker could repeatedly submit crafted requests containing guessable payloads to an endpoint that reflects user secrets (such as a CSRF token) in its compressed response body, then analyze the variations in the resulting encrypted response sizes to deduce those secret values character by character.

Who does this affect?

You are affected if you use a version within the vulnerable range (0.1.0 - 0.1.16).
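
To check a Go project against this range, the following added example (not part of the advisory or of thruster itself) reads go.mod text and reports whether the required version falls in 0.1.0 - 0.1.16. The helper names and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const thrusterModule = "github.com/basecamp/thruster"

// affected reports whether v (e.g. "v0.1.9") lies in the advisory range
// 0.1.0 - 0.1.16. Pre-release and pseudo-version suffixes are ignored, so
// review such pins by hand.
func affected(v string) bool {
	var major, minor, patch int
	n, _ := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch)
	return n == 3 && major == 0 && minor == 1 && patch >= 0 && patch <= 16
}

// findThruster scans go.mod text and returns the version required for the
// module, handling both single-line and block "require" forms.
func findThruster(goMod string) (string, bool) {
	for _, line := range strings.Split(goMod, "\n") {
		line = strings.TrimSpace(line)
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop trailing comments such as "// indirect"
		}
		f := strings.Fields(strings.TrimPrefix(line, "require "))
		// Require a "v" prefix so replace directives ("=> ...") are skipped.
		if len(f) >= 2 && f[0] == thrusterModule && strings.HasPrefix(f[1], "v") {
			return f[1], true
		}
	}
	return "", false
}

func main() {
	// Constructed sample go.mod, not taken from a real project.
	sample := "module example.com/app\n\nrequire (\n\tgithub.com/basecamp/thruster v0.1.9\n)\n"
	if v, ok := findThruster(sample); ok {
		fmt.Printf("%s %s affected=%v\n", thrusterModule, v, affected(v))
	}
}
```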

Background info

github.com/basecamp/thruster is vulnerable to BREACH Attacks in versions 0.1.0 - 0.1.16.

How to fix this

Upgrade the github.com/basecamp/thruster library to the patched version, 0.1.17.