HTTP Query String Injection in unjs/unstorage. The application does not properly sanitize query string parameters in the cloudflare-kv-http,github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the cloudflare-kv-http driver the expiration and expiration_ttl parameters can be injected, allowing an attacker to modify the availability of an item. This vulnerability is fairly minor, however in combination with a vulnerability in the cloudflare service, or github, or other HTTP service, sensitive parameters may be injected. There may also be undocumented query string parameters within these services. Path traversals may also be possible in some services which normalise sequences of ../.