-
https://github.com/rack/rack-attack/blob/0d40ea6538c95fb3c6f70862356d2cb54c02b02e/lib/rack/attack/cache.rb#L56-L59
This code calls `delete_matched` and passes in a string. However, MemoryStore for …
-
## Please list the package(s) involved in the issue, and include the version you are using
@shopify/ui-extensions-react@2024.1.1
## Describe the bug
[`useSessionToken`](https://shopify.dev/do…
-
When a user searches for a CRS, the DB is queried constantly.
Time and resources can be saved by performing a search in the JSON file received during loading.
-
It looks like the ideal thing to use would be the [timing-shield](https://www.chosenplaintext.ca/open-source/rust-timing-shield/) crate; however, it's not available on stable Rust (needs the `asm` feat…
-
**Describe the bug**
A new colleague tried (less than an hour ago) to `devenv up` on macOS and got this error:
```
(devenv) Colleagues-MacBook-Pro:project_dir colleague$ devenv up
• Building pro…
```
-
The AES implementation should probably be swapped out for a constant-time implementation.
Confirmed by one of the authors of the AES code: https://twitter.com/pbarreto/status/532950080761131008
-
There seems to be a Host header injection vulnerability in line 26 of `src/password-reset/password-reset.service.ts`
## What is Host Header Injection?
When an application trusts the Host header…
-
### Summary
In smc-tools [1][2], the open_cache_file() function in stats.c [3] operates on a predictable path in /tmp, allowing an unprivileged local user to deny the program's service.
> sprintf(…
-
The service appears to implicitly trust the user-supplied Host header. If this input is not properly validated, an attacker could inject harmful payloads through the Host header, manipulating server-s…
-