fix: Vulnerabilities: Input Sanitization #712

Open
12 tasks
rflihxyz opened this issue Nov 13, 2024 · 0 comments
Labels: backend; Core-Team (Sensitive issues that are not open to public); priority (these issues needs to prioritize before others)

@rflihxyz
Contributor

  • Unsanitized Dynamic Input in File Path
    Description: The method fetchFileStreamFromURL in index.ts is vulnerable to unsanitized file path input.
    Location: packages/api/src/ticketing/@lib/@utils/index.ts
    Line: 11
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input in File Path
    Description: Constructs a file path using unsanitized input, which may lead to a path traversal vulnerability.
    Location: packages/api/src/@core/connections/@utils/base.js
    Line: 81
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input in File Path
    Description: The function updateFileContents in connectorUpdate.js is vulnerable to unsanitized input.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 119
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input in File Path
    Description: Unsanitized dynamic input in file path, allowing for potential path traversal.
    Location: packages/api/src/ats/attachment/services/ashby.js
    Line: 62
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: Unsanitized input in dynamic file path at connectorUpdate.js.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 293
    Repository: panoratech/Panora

  • Vulnerable Unsanitized Dynamic Input
    Description: Code has unsanitized dynamic input that poses a path traversal risk.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 372
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: Dynamic input used unsafely in file path, vulnerable to path traversal attacks.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 346
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: Unsanitized input leads to potential path traversal vulnerability.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 442 - 445
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: Dynamic input not properly sanitized in file path, leading to security risk.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 377
    Repository: panoratech/Panora

  • Vulnerable Unsanitized Dynamic Input
    Description: Unsanitized input allows for file path manipulation.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 477 - 480
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: File path uses unsanitized dynamic input.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 428
    Repository: panoratech/Panora

  • Unsanitized Dynamic Input Detected
    Description: Unsafe dynamic input in file path at connectorUpdate.js.
    Location: packages/api/scripts/connectorUpdate.js
    Line: 289
    Repository: panoratech/Panora

@rflihxyz rflihxyz added this to Product Nov 13, 2024
@rflihxyz rflihxyz moved this to 👀 In progress in Product Nov 13, 2024
@rflihxyz rflihxyz self-assigned this Nov 13, 2024
@rflihxyz rflihxyz added backend priority these issues needs to prioritize before others Core-Team Sensitive issues that are not open to public labels Nov 13, 2024
@rflihxyz rflihxyz changed the title Vulnerabilities | Input Sanitization fix: Vulnerabilities: Input Sanitization Nov 13, 2024
Projects
Status: 👀 In progress