Open const-cloudinary opened 1 day ago
Hi @const-cloudinary, in cloudinary.go, the URLForUpload function has a potential security issue. It directly uses the user-provided public_id without any sanitization. This could lead to security vulnerabilities like SSRF or XSS attacks. It is recommended to sanitize or validate the public_id before using it.
Should I work on it?
Hacktoberfest is here! And we’re excited to invite you to explore and contribute to our Cloudinary SDKs on GitHub!
Whether you’re a seasoned contributor or new to Open Source, this is a great opportunity to get involved, suggest improvements, and help shape our SDKs.
:hammer_and_wrench: Here’s what we’re looking for:
Meaningful contributions will be eligible for exclusive Cloudinary swag. Learn more about the requirements on our blog post.
Let’s build something amazing together! :tada: