## Finding **Location**: `core/src/shared/secure-fetch.ts:42-45` When `new URL()` throws a parse error, the `assertSecureUrl` function returned without throwing, silently allowing the request to proceed without HTTPS validation. ## Status **Fixed in v0.2.136** — The catch block now throws an error instead of silently returning.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free