-
## Please list the package(s) involved in the issue, and include the version you are using
@shopify/ui-extensions-react@2024.1.1
## Describe the bug
[`useSessionToken`](https://shopify.dev/do…
-
The service appears to implicitly trust the user-supplied Host header. If this input is not properly validated, an attacker could inject harmful payloads through the Host header, manipulating server-s…
-
Hi Zirui,
Your paper "Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud" is incredibly insightful, especially the ECDSA attack section. However, it seems that the source…
-
Hello, from version 3.2.7 I get `no implicit conversion of Hash into String` in the rack-attack gem here
`Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", maxretry: 3, findtime: 10.minutes, bantime:…
-
# Description of the LOTP tool
`actions/setup-node` is used to set up a Node environment. It supports a `cache` flag which calls npm or yarn under the hood in order to cache dependencies.
I haven…
-
When a user searches for a CRS, the DB is constantly used.
Time and resources can be saved by performing a search in the JSON file received during loading.
-
Currently Utreexo state is part of the `UtxoSet` although it would be better to separate those two to have a cleaner design and solve some issues with batch inclusion proofs, cache integrity, and doub…
-
Dear GPTCache Team,
we are a security research group. We've used GPTCache for a while and are impressed by its design and speed, but as we studied further, more concerns about the security of GPTCache ha…
-
It looks like the ideal thing to use would be the [timing-shield](https://www.chosenplaintext.ca/open-source/rust-timing-shield/) crate; however, it's not available on stable Rust (needs the `asm` feat…
-
The AES implementation should probably be swapped out for a constant-time implementation
Confirmed by one of the authors of the AES code: https://twitter.com/pbarreto/status/532950080761131008