GHSA-4vcf-q4xf-f48m: Better Auth Passkey Plugin allows passkey deletion through IDOR
Affected versions of the better-auth passkey plugin allow users with any valid session to delete arbitrary passkeys via their ID using POST /passkey/delete-passkey.
References
Code Behaviors & Features
Detect and mitigate GHSA-4vcf-q4xf-f48m with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →