-
Implement endpoint
Endpoint docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/global-advisories?apiVersion=2022-11-28#list-global-security-advisories
## curl conventi…
-
## CKAN version
2.9, 2.10, Master
## Describe the bug
Following the recent CVE for log injection I was reviewing what we're doing with logs, and I think we should go through and change a bunc…
-
`printf` can be used for exploits if an attacker controls the format string:
```c++
char *input = argv[1]; // attacker controlled (argv[1] assumed here for illustration)
printf(input);         // attacker-controlled string used directly as the format string
```
There are three main format options that can be used…
-
These take format strings, and it is trivial for them to cause memory safety issues which an attacker can exploit (see https://www.owasp.org/index.php/Format_string_attack).
If you must expose them, they should…
-
In utils.py string formatting is used for creating the HTML strings. If user-controlled input is used in constructing the HTML string, this opens the way for XSS attacks. I extended your calendar code…
-
So, the existing example/xyz.tomls aren't exactly easy to get going in the helix philosophy of 'batteries included'.
I think we have two issues:
1) Perhaps suggesting that users get started with…
-
https://github.com/bwesterb/draft-mpic/blob/67f9369432bb332c4ae8cc96da1912a212ca222f/draft-westerbaan-secdispatch-mpic.md?plain=1#L141
I noticed CloudFlare uses base64 representation of CAA records…
-
# Issue
I see on [OWASP's page](https://owasp.org/www-community/attacks/CSV_Injection) on CSV injection to "prepend each cell field with a single quote". I was wondering why sanitization is done by…
-
## Suggested Code changes
https://api.github.com/repos/chrislimqc/Cloud-Computing/contents/format.c
## Reasoning
An attacker can leverage this vulnerability to read from and write to arbitrary memory…
-
Hi,
`rrdtool graph -f` accepts a format string to be used by printf.
This approach creates a security issue in situations where an attacker is able to control the format string.
I know at least one web…