Open flatfile-nullify[bot] opened 2 months ago
New code security updates for commit 42953476d9afc8ce2e8db8d84a286f43db6cfd1d
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
25 | 0 | 0 | 0 |
New code security updates for commit 8cf905a61916f7953b7d09c12fa27d4268f71a66
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
1 | 0 | 0 | 0 |
New code security updates for commit 6c8292b653c82e3d2ee86bf29a424bf854cefc98
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
1 | 0 | 0 | 0 |
New code security updates for commit d565c705dd0b471783135e1af7f78037b983c46a
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
26 | 0 | 0 | 0 |
New code security updates for commit 2093c4deb755e1874053450265f59f5cd39761f4
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
1 | 0 | 0 | 0 |
New code security updates for commit 5496e45d023fdef804e39d4e54ad5b92f3cc4e32
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
1 | 0 | 0 | 0 |
New code security updates for commit 3ffcee725213c615bf07bd828dd021d108f6d3e7
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
27 | 0 | 0 | 0 |
New code security updates for commit e98cdf496bf94b4457b9794d8746cc75dc1e1ae9
New | Fixed | Allowlisted | Unallowlisted |
---|---|---|---|
27 | 0 | 0 | 0 |
Severity Threshold: 🔵 MEDIUM
135 Potential vulnerability sources found within this repo
🔴 CRITICAL
🟡 HIGH
🔵 MEDIUM
⚪ LOW
ID: 01J2FGF1R4ME54V4CA12NDMQ89
Language: TypeScript
Severity: 🟡 HIGH
CWE-798
Node secret
A hardcoded secret is identified. Store it properly in an environment variable.
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/index.ts#L132-L137
ID: 01J4N8QWS9P07V5JZ6BWZHDR70
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createModal.ts#L52
ID: 01J3ZJQZFF0EQCF2B3FJJM1DTX
Language: JavaScript
Severity: 🟡 HIGH
CWE-918
Server-side request forgery
User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).
Read more: https://cwe.mitre.org/data/definitions/918.html
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/files/agent.js#L311-L323
ID: 01J4N8QWS9P07V5JZ66FAW34MX
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/angular/projects/spaces/src/lib/space/space.service.ts#L12
ID: 01J4N8QWS9P07V5JZ6E7436K1W
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/v2-shims/src/logic/validator.ts#L309-L312
ID: 01J4N8QWS9P07V5JZ6D95M2EXG
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L15
ID: 01J3ZJQZFF0EQCF2B3FHWWHAEV
Language: JavaScript
Severity: 🟡 HIGH
CWE-918
Server-side request forgery
User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).
Read more: https://cwe.mitre.org/data/definitions/918.html
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/files/agent.js#L294-L297
ID: 01J4N8QWS9P07V5JZ66CEAJP78
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L16
ID: 01J4N8QWS9P07V5JZ6E4DPJCDR
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/v2-shims/src/logic/validator.ts#L290-L293
ID: 01J4N8QWS9P07V5JZ6B8CMKZCS
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createIframe.ts#L16
ID: 01J4N8QWS9P07V5JZ6DB1MZ4TH
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L17
ID: 01J4N8QWS9P07V5JZ6BKRD26R3
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/createIframe.ts#L241
ID: 01J4N8QWS9P07V5JZ66EGYSXXZ
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L18
ID: 01J4N8QWS9P07V5JZ66EPTKF87
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/sandbox/src/xdk-simple-deploy.ts#L19-L21
ID: 01J4N8QWS9P07V5JZ6DEVTCCPW
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/react/src/utils/styleInject.ts#L20
ID: 01J4N8QWS9P07V5JZ6CDWKBY4Y
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/javascript/src/startFlatfile.ts#L233
ID: 01J4N8QWS9P07V5JZ67YTDGGSN
Language: TypeScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/x/actions/deploy.action.ts#L171-L180
ID: 01J4N8QWS9P07V5JZ65M8QWJD9
Language: JavaScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/vanilla/main.js#L22
ID: 01J2FGF1R4ME54V4CA130XC6HY
Language: TypeScript
Severity: 🟡 HIGH
CWE-798
Node api key
A hardcoded API Key is identified. Store it properly in an environment variable.
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/packages/cli/src/legacy/utilities/access.token.ts#L5-L6
ID: 01J4N8QWS9P07V5JZ65P2WXR52
Language: JavaScript
Severity: 🟡 HIGH
dom-xss-finder
Dom xss finder
A potential user-input controlled parameter passing in a JavaScript sink was found.
Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS
https://github.com/FlatFilers/flatfile-core-libraries/blob/629a162cba4ea3eef542d642b2e4e9a21568be75/apps/vanilla/main.js#L23
ℹ️ Note: 135 vulnerabilities were detected. This dashboard prioritises and showcases the top 20 most critical findings.
Reply with /nullify to interact with me like another developer