FlatFilers / flatfile-plugins

Library of open-source plugins for developing with the Flatfile Platform

Vulnerabilities Dashboard - Code #561

Open flatfile-nullify[bot] opened 1 month ago

flatfile-nullify[bot] commented 1 month ago

Severity Threshold: 🔵 MEDIUM

85 Potential vulnerability sources found within this repo

| 🔴 CRITICAL | 🟡 HIGH | 🔵 MEDIUM | ⚪ LOW |
|-|-|-|-|
| 0 | 28 | 57 | 0 |

Top 20 findings. Every row is Language: TypeScript, Severity: 🟡 HIGH. Locations are paths under https://github.com/FlatFilers/flatfile-plugins/blob/b9e18394e23beb32411607428180f03f02c730b9/

| ID | Rule | Location |
|-|-|-|
| 01J53YX5GD6N7C19BNJ0F6PYVP | dom-xss-finder | utils/testing/src/test.listener.ts#L35 |
| 01J53YX5GD6N7C19BNEN6MCKEB | CWE-918 (node ssrf) | plugins/foreign-db-extractor/src/s3.upload.ts#L8-L20 |
| 01J53YX5GD6N7C19BNG75P8GA9 | dom-xss-finder | plugins/xlsx-extractor/src/utils.ts#L9 |
| 01J53YX5GD6N7C19BNE8VTHDX6 | dom-xss-finder | plugins/export-workbook/src/utils.ts#L9 |
| 01J53YX5GD6N7C19BNHFEFMYZV | dom-xss-finder | utils/extractor/src/index.ts#L204 |
| 01J53YX5GD6N7C19BNHZJP0J74 | CWE-918 (node ssrf) | utils/testing/src/test.helpers.ts#L139-L147 |
| 01J53YX5GD6N7C19BNH467C8HT | CWE-918 (node ssrf) | utils/common/src/all.records.ts#L137-L145 |
| 01J53YX5GD6N7C19BNHSYWKMKC | dom-xss-finder | utils/response-rejection/src/index.ts#L111 |
| 01J53YX5GD6N7C19BNH2J23A7F | CWE-918 (node ssrf) | utils/common/src/all.records.ts#L110-L118 |
| 01J53YX5GD6N7C19BNDQ726C7P | dom-xss-finder | plugins/delimiter-extractor/src/parser.ts#L104 |
| 01J53YX5GD6N7C19BNH6DCNGXP | dom-xss-finder | utils/common/src/async.batch.spec.ts#L98-L100 |
| 01J53YX5GD6N7C19BND4KCZX7E | dom-xss-finder | plugins/autocast/src/autocast.plugin.ts#L88 |
| 01J53YX5GD6N7C19BNF2ZD121V | dom-xss-finder | plugins/merge-connection/src/create.workbook.ts#L82 |
| 01J53YX5GD6N7C19BNEFGZR3MB | CWE-918 (node ssrf) | plugins/foreign-db-extractor/src/database.restore.ts#L18-L30 |
| 01J53YX5GD6N7C19BNG0BKPTZA | CWE-918 (node ssrf) | plugins/webhook-event-forwarder/src/forward.webhook.ts#L19-L25 |
| 01J53YX5GD6N7C19BNEK86X0BG | dom-xss-finder | plugins/foreign-db-extractor/src/database.user.ts#L55 |
| 01J53YX5GD6N7C19BNE9W1A09M | dom-xss-finder | plugins/export-workbook/src/utils.ts#L19 |
| 01J53YX5GD6N7C19BNEDQSE6NV | dom-xss-finder | plugins/foreign-db-extractor/src/database.poll.status.ts#L20 |
| 01J53YX5GD6N7C19BNFWGMSKSH | dom-xss-finder | plugins/sql-ddl-converter/src/setup.factory.ts#L53 |
| 01J53YX5GD6N7C19BNGS1RS0YJ | dom-xss-finder | utils/common/src/all.records.ts#L21 |

Rule descriptions:

dom-xss-finder (Dom xss finder): A potential user-input-controlled parameter passed to a JavaScript sink was found. Read more: https://owasp.org/www-community/attacks/DOM_Based_XSS

CWE-918 (Rules lgpl javascript ssrf rule node ssrf): This application allows user-controlled URLs to be passed directly to HTTP client libraries. This can result in Server-Side Request Forgery (SSRF). SSRF refers to an attack where the attacker can abuse functionality on the server to force it to make requests to other internal systems within your infrastructure that are not directly exposed to the internet. This allows the attacker to access internal resources they do not have direct access to. Some risks of SSRF are:

ℹ️ Note: 85 vulnerabilities were detected. This dashboard prioritises and showcases the top 20 most critical findings.

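The CWE-918 rule in the dashboard above flags URLs that reach an HTTP client without a check in between. The dashboard does not show the flagged code, so whether those particular lines can be reached by untrusted input is not stated here; what follows is an added example of the control the rule is looking for, written for this page and not taken from flatfile-plugins. The function name, the allowlist parameter and the sample URLs are constructed for illustration. It leans on the WHATWG URL parser that Node ships, which canonicalises IPv4 forms such as `0x7f000001`, `2130706433` and `127.1` to dotted-quad before the private-range check runs.

```typescript
// Added example, not flatfile-plugins code: gate an outbound URL before it is
// handed to an HTTP client. Assumes the caller owns an allowlist of hostnames
// it is prepared to call; all names and sample inputs here are constructed.

type UrlCheck = { ok: true; url: URL } | { ok: false; reason: string };

// Parse a dotted-quad IPv4 literal into its octets, or null if it is not one.
// After WHATWG parsing, any IPv4 host (hex, octal, integer, short forms) is
// already serialised as dotted-quad, so this is the only shape to handle.
function parseIPv4(host: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Ranges an SSRF payload typically targets: loopback, RFC 1918, link-local
// (which includes the 169.254.169.254 cloud metadata endpoint), 0.0.0.0/8
// and the CGNAT block.
function isInternalIPv4([a, b]: number[]): boolean {
  return (
    a === 127 || a === 10 || a === 0 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

export function checkOutboundUrl(raw: string, allowedHosts: Set<string>): UrlCheck {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  // https only: rules out file:, gopher:, ftp: and plaintext http to internal hosts.
  if (url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  // "https://allowed.host@evil.host/" puts the allowlisted name in userinfo;
  // refusing credentials in the URL removes that confusion entirely.
  if (url.username || url.password) {
    return { ok: false, reason: 'userinfo not allowed' };
  }
  const host = url.hostname.toLowerCase(); // IPv6 literals come back bracketed
  if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'loopback host' };
  }
  if (host.startsWith('[')) {
    return { ok: false, reason: 'IPv6 literal not allowed' };
  }
  const v4 = parseIPv4(host);
  if (v4 && isInternalIPv4(v4)) {
    return { ok: false, reason: 'internal IPv4 literal' };
  }
  if (!allowedHosts.has(host)) {
    return { ok: false, reason: `host ${host} not in allowlist` };
  }
  return { ok: true, url };
}

// Constructed usage: only the allowlisted hostname over https gets through.
const ALLOWED = new Set(['hooks.example.com']);
export const sampleResults = [
  'https://hooks.example.com/flatfile',
  'https://169.254.169.254/latest/meta-data/',
  'https://0x7f000001/',
  'https://hooks.example.com@evil.example.net/',
].map((u) => ({ url: u, result: checkOutboundUrl(u, ALLOWED) }));
```

This is a syntactic check and nothing more: a public hostname that resolves (or later rebinds) to an internal address passes it, so in a deployment it sits alongside resolve-then-pin at connect time or an egress proxy, and any redirect the client follows has to be re-checked with the same function, which in practice means turning off automatic redirect following.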

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit c3fe5b746b30f424797f68d15c4c61aa0c570fca

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J2YNB10VC6FGXJ01HA000TF4 | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J2YNB10VC6FGXJ01HBRWAWV1 | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J2YNB10VC6FGXJ01H66R1H7C | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J2YNB10VC6FGXJ01HAAEKCH9 | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J2YNB10VC6FGXJ01H9DC8XZW | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J2YNB10VC6FGXJ01HFNT6WXJ | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J2YNB10VC6FGXJ01HEZ2SPBZ | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit bf76cb0be6140799bedb8740900f9510035b532b

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J2YQ615ZHZDB2T32MFZQCVV2 | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J2YQ615ZHZDB2T32MKJS3ERM | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J2YQ615ZHZDB2T32M97QB9DT | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J2YQ615ZHZDB2T32MH9R8B4W | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J2YQ615ZHZDB2T32MD65Z6T2 | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J2YQ615ZHZDB2T32MQTT7HX4 | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J2YQ615ZHZDB2T32MMV97Z6Y | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit feeaa80bafd4e31cfa157ea2ed03889da9aefff1

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J35XB67THYC0PQ2C7J4RFMRJ | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J35XB67THYC0PQ2C7K1JF768 | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J35XB67THYC0PQ2C7ENADNV0 | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J35XB67THYC0PQ2C7J7S9Q3W | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J35XB67THYC0PQ2C7F9V342Y | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J35XB67THYC0PQ2C7KNWXV42 | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J35XB67THYC0PQ2C7KM3H1Z4 | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 8aea3364a682c91cbf6157892b5bd3ee3aa585af

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J362P9NCA4BQD23XMJ69HWKZ | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J362P9NCA4BQD23XMPQPVHV6 | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J362P9NCA4BQD23XME3BKSS0 | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J362P9NCA4BQD23XMMJ09EF0 | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J362P9NCA4BQD23XMGDBY3WV | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J362P9NCA4BQD23XMTVHKFFN | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J362P9NCA4BQD23XMSGPBP8E | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 9f5664d2be1525b0bf35f6a669db2012ad7b3e3b

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J36JWWE5BV3VR4PVE9MXT443 | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J36JWWE5BV3VR4PVED2PWPT3 | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J36JWWE5BV3VR4PVE4CJYKZN | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J36JWWE5BV3VR4PVEA3ACVVY | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J36JWWE5BV3VR4PVE7FQT7TV | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J36JWWE5BV3VR4PVEFNW6222 | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J36JWWE5BV3VR4PVEDES1G49 | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 4e48f4d34bb27f4be7757af898507684baeb2b34

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J3QVNGPXZME65P6DYNK5ZDNX | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J3QVNGPXZME65P6DYVAPBRWY | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J3QVNGPXZME65P6DYKRD6TAN | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J3QVNGPXZME65P6DYS3PWYY0 | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J3QVNGPXZME65P6DYN39N4D8 | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J3QVNGPXZME65P6DYWXSP765 | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J3QVNGPXZME65P6DYW54EHJD | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |

flatfile-nullify[bot] commented 1 month ago

New code security updates for commit 44774e6c714afff55d3b053a7f5957c7f632d614

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 7 | 0 | 0 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J3RH9XD96GXWZRJ20GJE9KKS | Generic error disclosure | plugins/merge-connection/src/sync.data.ts | 13 | 209 |
| 01J3RH9XD96GXWZRJ20KJ6BKN8 | Rules lgpl javascript eval rule yaml deserialize | plugins/yaml-schema/src/setup.factory.ts | 29 | 502 |
| 01J3RH9XD96GXWZRJ20CT53N5J | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 33 | 22 |
| 01J3RH9XD96GXWZRJ20KHQEV28 | Javascript pathtraversal rule non literal fs filename | plugins/yaml-schema/src/setup.factory.spec.ts | 62 | 22 |
| 01J3RH9XD96GXWZRJ20GD7K8KM | Javascript pathtraversal rule non literal fs filename | plugins/automap/src/automap.plugin.e2e.spec.ts | 72 | 22 |
| 01J3RH9XD96GXWZRJ20S3GTX7Z | Generic error disclosure | utils/common/src/all.records.ts | 74 | 209 |
| 01J3RH9XD96GXWZRJ20PNYZMFK | Javascript pathtraversal rule non literal fs filename | plugins/zip-extractor/src/index.ts | 76 | 22 |
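The CWE-22 rows above ("Javascript pathtraversal rule non literal fs filename") fire whenever a file name that is not a string literal reaches an fs call; the bot's tables do not show the flagged code or say whether the names come from untrusted input. The check that rule wants to see, for the case where the name does come from outside (an archive entry name is the classic one for an extractor), is a containment test run before any fs call. The block below is an added example written for this page, not flatfile-plugins code; the function name, the base directory and the sample entry names are constructed. It uses string logic rather than Node's path module so that it treats both slash and backslash as separators, since archive entries may carry either regardless of the host OS.

```typescript
// Added example, not flatfile-plugins code: confine an untrusted file name
// (archive entry, uploaded file name) to a base directory before touching fs.
// Returns the joined path on success and null if the name would escape.
// All names and sample inputs here are constructed for illustration.

export function confineToBase(baseDir: string, untrustedName: string): string | null {
  // Empty names and embedded NULs are never legitimate file names.
  if (untrustedName.length === 0 || untrustedName.includes('\0')) return null;
  // Absolute paths (POSIX, UNC, drive-letter) have no business in an entry name.
  if (/^([\\/]|[A-Za-z]:)/.test(untrustedName)) return null;

  const kept: string[] = [];
  for (const seg of untrustedName.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      // Climbing above the base is rejected outright rather than clamped, so
      // "a/../../etc/passwd" fails instead of quietly becoming "etc/passwd".
      if (kept.length === 0) return null;
      kept.pop();
      continue;
    }
    kept.push(seg);
  }
  // A name that resolves to the base directory itself is not a file to write.
  if (kept.length === 0) return null;

  const base = baseDir.replace(/[\\/]+$/, '');
  return `${base}/${kept.join('/')}`;
}

// Constructed usage: a typical extractor loop would skip every entry that
// comes back null and only pass the returned path to fs.
export const sampleEntries = [
  'data/report.csv',
  '../../etc/passwd',
  'a/../../etc/passwd',
  '/etc/passwd',
  'C:\\Windows\\win.ini',
  'a\\..\\b.csv',
].map((name) => ({ name, target: confineToBase('/tmp/extract', name) }));
```

The string test says nothing about what already exists on disk: if an earlier entry created a symlink inside the base directory, a later entry written through it lands outside. An extractor that allows symlink entries at all needs a realpath check on the parent directory at write time, or, simpler, refuses symlink entries.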