Summary
cacheGet() (src/cache.ts:123) deserializes Redis values via JSON.parse with no schema validation. Compromised Redis or cache key collision can serve corrupted data.
Fix
Add lightweight schema validation on cache reads. Consider HMAC signing cache values.
Summary
cacheGet() (src/cache.ts:123) deserializes Redis values via JSON.parse with no schema validation. Compromised Redis or cache key collision can serve corrupted data.
Fix
Add lightweight schema validation on cache reads. Consider HMAC signing cache values.