Closed loop0 closed 4 years ago
The download view endpoint is currently unprotected and can easily leak information as the ids are serial integers.
I have an open PR with a fix: https://github.com/abhishek-ram/django-pyas2/pull/23
I'm closing this as they where fixed on #23
The download view endpoint is currently unprotected and can easily leak information as the ids are serial integers.
I have an open PR with a fix: https://github.com/abhishek-ram/django-pyas2/pull/23