-
Not an issue but a question - company I work for is interested in using the library but wants to know what security constraints are imposed within the parser context.
Specifically things that help a…
-
# Description of the bug
In the `Init` function of `index.go` located in `github.com/mickael-kerjean/filestash/server/plugin/plg_backend_ftp`, the FTPS (FTP over TLS) connections are being establi…
-
### Describe the issue
It is possible to submit any number of failed login requests without limit, and without rate limit. **This makes Audiobookshelf susceptible to brute force login methods.**
a…
-
If you add suitable CORS headers to Vaadin requests, it is possible to do cross-site embedding. It is unclear though if you can allow all origins, e.g. create something like a chat you can embed on…
-
**Describe the bug**
When my Android apps implement FreeRASP, the Mobile Security Platform (aka MobSF) gives a high-risk result with
"The App uses the encryption mode CBC with PKCS5/PKCS7 paddin…
-
Greetings,
I am a security researcher, who is looking for security smells in Puppet scripts. I noticed instances of binding to 0.0.0.0. Binding an address to 0.0.0.0 indicates allowing connections …
-
We have API endpoint returning JSON response with default schema in our backend service. We would like to allow the client to specify JSONata expression which would be evaluated on the server and the …
-
Follow-up should be on the pull request so that they don't reply under the issue and get paid for it.
If there isn't a pull request open in time for the warning, automatically disqualify them (they should op…