In file: api_admin_socketio.py, there is a method that stores user-provided data into logs without validating the data. This allows an attacker to corrupt the log file structure (https://cwe.mitre.org/data/definitions/117.html).
User-provided data should be sanitized before it can be added to logs. It is unclear how the log data is used, or which part of the user input need to be logged. Therefore, no fix was suggested.
In file: api_admin_socketio.py, there is a method that stores user-provided data into logs without validating the data. This allows an attacker to corrupt the log file structure (https://cwe.mitre.org/data/definitions/117.html).
User-provided data should be sanitized before it can be added to logs. It is unclear how the log data is used, or which part of the user input need to be logged. Therefore, no fix was suggested.