## If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. #535
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code.
github-actions[bot]
commented
3 weeks ago
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code.
Review setTimeout for untrusted data
Show more details
_Originally posted by @github-advanced-security in https://github.com/Bryan-Roe/semantic-kernel/pull/519#discussion_r1703149970_