When making a pull request, the code incorporates user information into the URL query parameters. This is problematic since the URL contains personal information such an email address, name, and password.
Browser history, server logs, and network queries may include vital URL information. If someone decodes or gains access to these records, it may pose a security concern.
Screen Shot of the Vulnerable Code
Impact of the vulnerability
5/5
Recommended Steps to resolve it?
Instead of providing URL parameters, utilize the POST method to send a request. This make sure that critical information is not accessible via the URL.
Description of the Vulnerability
When making a pull request, the code incorporates user information into the URL query parameters. This is problematic since the URL contains personal information such an email address, name, and password. Browser history, server logs, and network queries may include vital URL information. If someone decodes or gains access to these records, it may pose a security concern.
Screen Shot of the Vulnerable Code
Impact of the vulnerability
5/5
Recommended Steps to resolve it?
Instead of providing URL parameters, utilize the POST method to send a request. This make sure that critical information is not accessible via the URL.
School Name
GD Goenka Sector 10A