
[Security Vulnerability] Allowing malicious code injection.

Open vickyguptaa7 opened this issue 2 years ago • 4 comments

I have identified a security vulnerability in the CodeX-API repository. The vulnerability allows an attacker to inject malicious code into the server, which can potentially harm the server and allow unauthorized access to sensitive information. Specifically, an attacker is able to delete files on the server using JavaScript or another programming language.

This security vulnerability poses a significant threat to the project's integrity and the security of the data stored in the server.

vickyguptaa7 avatar Apr 27 '23 11:04 vickyguptaa7

Hi. I think using an isolated environment for the CodeX API will solve this problem. For example, Docker.

oybekrustamov avatar Jul 10 '23 17:07 oybekrustamov

Running the Node.js process in non-root mode is also a viable solution. I have raised a pull request to implement this change.

vickyguptaa7 avatar Jul 10 '23 18:07 vickyguptaa7

@vickyguptaa7 Can you add a memory limit or used memory in the output?

oybekrustamov avatar Jul 11 '23 15:07 oybekrustamov

Yeah, it can be done by using the pidusage npm package.

vickyguptaa7 avatar Jul 12 '23 06:07 vickyguptaa7