-
There is no input validation or sanitization when creating or updating a note (`create_note`, `update_note`). This opens up the application to potential injection attacks, such as Cross-Site Scripting…
-
## CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-1.10.2.min.js, jquery-2.1.4.min.js
jquery-1.10.2.min.js
JavaScript library for DOM operations
Library home page: http…
-
# helmet.js
- What kinds of malicious attacks can be made against a web server?
```jsx
const express = require("express");
const helmet = require("helmet");
const app = express();
app.use(helmet());
// ...
```
```jsx
/…
```
-
### Role
As an AI practitioner
### Desired Feature
I want to upload >1 pieces of ‘evidence’ (e.g. URLs) to particular evidence elements
### Benefit
So that I can keep track of more comple…
-
Dear maintainers,
We have detected several vulnerabilities in the dependencies of the `@bull-board/nestjs` package. Below is a summary of the affected packages and versions:
1. **body-parser - V…
-
More of a challenge than porting flake8 plugins, because these are written in Java: https://github.com/SonarSource/sonar-python
But some of them are somewhat useful and I didn't see equivalent code…
-
Similar to https://github.com/SergioBenitez/Rocket/issues/25 there should be an easy way to configure a CSP. CSP is a way to make XSS almost impossible and is easy and straightforward to configure.
…
-
## CVE-2016-1182 - High Severity Vulnerability
Vulnerable Library - struts-core-1.3.8.jar
Apache Struts
Library home page: http://www.apache.org/
Path to dependency file: /foxtrot-server/pom.xml
Pat…
-
### Context
Single Page Applications want to minimize unneeded network traffic.
### Issue
The OIDC helper will generate a network request each time it is called.
With a large volume of compo…
-
# Welcome to the CodeQL Unsafe JQuery course!
We created this course to help you quickly learn CodeQL, our query language and engine for code analysis. The goal is to find several cross-site scripting…