amy-jung / collectivedaoarchives.catalog

The Collective DAO Catalog is an open source index of DAO historical events. Together, as an open source database that anyone can contribute to, we can use the power of collective intelligence to highlight patterns and improve the development of new and existing DAOs.
https://www.daocatalog.xyz/
MIT License

Log Forging issue fix in contribute.ts #72

Open Mobb-Fixer opened 5 months ago

Mobb-Fixer commented 5 months ago

Issue description: Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities. More info from OWASP: https://owasp.org/www-community/attacks/Log_Injection

Fix technique: Implement proper input sanitization to remove new lines for values going to the log.
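
The fix technique described above, sketched as an added example; it is not the change made in this pull request and not code from contribute.ts. The helper names (`sanitizeForLog`, `formatLogLine`, `countLogLines`) and the sample input are assumptions constructed for illustration. Line breaks are escaped rather than dropped, so the value stays on one log line and the attempt remains visible to a reviewer.

```typescript
// Added example: hypothetical helpers, not taken from contribute.ts.

// CR and LF plus the other line terminators some log viewers honour
// (vertical tab, form feed, NEL, Unicode line and paragraph separators).
const LINE_BREAKS = /[\r\n\v\f\u0085\u2028\u2029]/g;

// Replace every line break in a value with a visible escape sequence.
function sanitizeForLog(value: unknown): string {
  const text = typeof value === "string" ? value : String(JSON.stringify(value));
  return text.replace(LINE_BREAKS, (ch: string) => {
    if (ch === "\r") return "\\r";
    if (ch === "\n") return "\\n";
    const hex = ch.charCodeAt(0).toString(16);
    return "\\u" + ("0000" + hex).slice(-4);
  });
}

// Build a log entry; only the untrusted value is passed through the sanitizer.
function formatLogLine(level: string, message: string, value: unknown): string {
  return `${level} ${message}: ${sanitizeForLog(value)}`;
}

// Number of physical lines an entry occupies once written to a log file.
function countLogLines(entry: string): number {
  return entry.split(/\r\n|\r|\n/).length;
}

// Constructed sample: a submitted field that carries an embedded newline
// followed by text shaped like a second, genuine-looking log entry.
const submittedTitle = "My DAO\nINFO contribution approved by admin";

// Unsanitized interpolation: one logging call yields two log lines.
const unsafeLine = `INFO new contribution: ${submittedTitle}`;

// Sanitized: the same value stays on a single line with a literal "\n".
const safeLine = formatLogLine("INFO", "new contribution", submittedTitle);

console.log(countLogLines(unsafeLine), JSON.stringify(unsafeLine));
console.log(countLogLines(safeLine), JSON.stringify(safeLine));
```
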

vercel[bot] commented 5 months ago

@Mobb-Fixer is attempting to deploy a commit to the Collective DAO Archives Catalog Team on Vercel.

A member of the Team first needs to authorize it.