


Perceptive Security
SOC/SIEM Consultancy

UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.t…
Published:
6 March 2026 at 23:00:00
Alert date:
7 March 2026 at 17:02:49
Source:
nvd.nist.gov
Web Technologies, Cloud & Virtualization
UptimeFlare, a serverless uptime monitoring solution powered by Cloudflare Workers, had a vulnerability where sensitive server-only configuration data was exposed to client-side JavaScript bundles. The issue occurred because the configuration file exported both safe client data (pageConfig) and sensitive server data (workerConfig) from the same module. A client-side component incorrectly imported and used the server-only workerConfig, causing the entire sensitive configuration object to be included in JavaScript bundles served to all visitors. This exposed sensitive data that should have remained server-side only. The vulnerability was patched in commit 377a596.
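A source-level check for the pattern described above, as an added example that is not UptimeFlare's code or the patch in commit 377a596: it flags client-side files that import `workerConfig`, or the whole module namespace, from the shared config module. The module name `example.config`, the file paths and the function name are placeholders, and the check goes beyond the plain named import to cover aliased and namespace imports.

```javascript
// Added example. Only pageConfig and workerConfig come from the advisory text;
// every other name here is a placeholder.

// Matches static import statements, including multi-line named lists.
const IMPORT_RE = /import\s+([\s\S]*?)\s+from\s+['"]([^'"]+)['"]/g;

// Returns one finding per client file import that reaches a server-only export
// of the shared config module.
function findServerConfigImports(clientFiles, configModule, serverOnly = ['workerConfig']) {
  const findings = [];
  for (const { path, source } of clientFiles) {
    for (const [, clause, specifier] of source.matchAll(IMPORT_RE)) {
      // Compare the last path segment so '../x' and '@/x' both match.
      if (specifier.split('/').pop() !== configModule) continue;
      // Type-only imports are erased at compile time and never reach the bundle.
      if (/^type\s/.test(clause)) continue;
      // Namespace import: every export, server-only ones included, is reachable.
      if (/\*\s+as\s+\w+/.test(clause)) {
        findings.push({ path, kind: 'namespace', names: [...serverOnly] });
        continue;
      }
      const named = /\{([\s\S]*?)\}/.exec(clause);
      if (!named) continue; // default import only
      const names = named[1]
        .split(',')
        .map((s) => s.trim().split(/\s+as\s+/)[0]) // 'workerConfig as wc' -> 'workerConfig'
        .filter((n) => serverOnly.includes(n));
      if (names.length) findings.push({ path, kind: 'named', names });
    }
  }
  return findings;
}

// Constructed sample input: four client components, two of which leak.
const SAMPLE_CLIENT_FILES = [
  { path: 'components/Header.tsx',
    source: "import { pageConfig } from '../example.config'\n" },
  { path: 'components/MonitorList.tsx',
    source: "import {\n  pageConfig,\n  workerConfig as wc,\n} from '@/example.config'\n" },
  { path: 'components/Debug.tsx',
    source: "import * as cfg from '../example.config'\n" },
  { path: 'components/Types.tsx',
    source: "import type { workerConfig } from '../example.config'\n" },
];

console.log(findServerConfigImports(SAMPLE_CLIENT_FILES, 'example.config'));
```

Run as a CI step over the files that end up in the browser bundle, a non-empty result is a build failure; it complements, but does not replace, splitting server-only values into a module that client code never imports.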
Technical details
Affected products:
UptimeFlare
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-29779
https://github.com/lyc8503/UptimeFlare/commit/377a5963c66ba9a798abebfe8d80378b053435e9
https://github.com/lyc8503/UptimeFlare/issues/198
https://github.com/lyc8503/UptimeFlare/security/advisories/GHSA-36q9-v7p3-vj6v
This article was created with the assistance of AI technology by Perceptive.
