-
Current [13.2.4](https://github.com/OWASP/ASVS/blob/master/4.0/en/0x21-V13-API.md#v132-restful-web-service):
> Verify that REST services have anti-automation controls to protect against excessive…
-
[3.2.3](https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V3-Session-management.md#v32-session-binding-requirements) states "Verify the application only stores session tokens in the browser using …
-
## CVE-2018-11307 - High Severity Vulnerability
Vulnerable Library - jackson-databind-2.1.4.jar
General data-binding functionality for Jackson: works on core streaming API
Path to dependency file: r…
-
Trivy detects jackson in a docker image but fails to take the version into account
![image](https://user-images.githubusercontent.com/46567685/141125237-53b88b87-2ce1-4f97-91f9-672dee32691d.png)
…
-
[Splunk](http://www.splunk.com) proposes to contribute the [Flowmill Collector](https://github.com/Flowmill/flowmill-collector) to the Cloud Native Computing Foundation (CNCF) OpenTelemetry project, a…
yonch updated 3 years ago
-
One of the first points in the philosophy of Deno is to claim a secure environment. But if developers are not careful, it can actually bring about the opposite. They might feel secure, even if they are…
apiel updated 3 years ago
-
## Proposed Feature
When a user connects to http://[addr]:52325/ and receives a custom metrics entry, an https is currently performed. The https upgrade should not be done. Metrics is an unauthentica…
-
## CVE-2019-17495 - High Severity Vulnerability
Vulnerable Library - swagger-ui-2.2.5.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beau…
-
For source code,
1. Continue to use external source code systems for unclassified workloads. This is permitted via TBS policy:
> 6.1: Departments are to enable open access to the Internet for GC
…