Jörmungandrk

Results 88 issues of Jörmungandrk

## Ticket 🎟️#3705

To fix the prototype pollution vulnerability, we should ensure that the keys used in the `combineOverrides` method cannot be used to modify the `Object.prototype`. One effective way...

https://github.com/smartcontractkit/external-adapters-js/blob/c242f89745186dc922bba0f0911d1adfcc9e4354/packages/core/bootstrap/src/lib/modules/overrider.ts#L119-L119

Most JavaScript objects inherit the properties of the built-in `Object.prototype` object. Prototype pollution is a type of vulnerability in which an attacker is able to modify `Object.prototype`. Since most...

A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is...

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial...

https://github.com/dust-tt/dust/blob/5200ee2a57e149ccab941d645bf5dd5df5974898/front/types/core/core_api.ts#L2047-L2047

To fix the SSRF vulnerability, we need to validate the user-provided values (`projectId`, `dataSourceId`, and `folderId`) against a strict allow-list or a set of expected patterns. This ensures that only legitimate...

https://github.com/USStateDept/State-TalentMAP/blob/12b41833458ed70bc529103bc2577ffab8ec5e4c/src/obc.js#L24-L24

To fix the problem, we need to sanitize the user input before incorporating it into the response. The best way to do this is by using a library that provides...

https://github.com/Shopify/cli/blob/fe5568a39f42c252adf9fc204d5ce3d6947a933c/bin/pin-github-actions.js#L32-L32

To fix the issue, replace the use of `exec` with `execFile`, which allows us to pass arguments to the command as an array, avoiding the need to construct a shell...

cla-needed

https://github.com/datastax/astra-cli/blob/bab2edb1cbac0ed48642b116f7b29f7839bde7f6/src/main/java/com/dtsx/astra/cli/utils/FileUtils.java#L112-L112

To fix the issue, we need to ensure that the extracted file paths are validated to prevent directory traversal attacks. Specifically: 1. Normalize the path of the extracted file using `Path.normalize()`...

https://github.com/reddit/devvit/blob/c4195e11f81f291c182e9408d75be9f7b1a3e601/packages/cli/src/util/Cutter.ts#L38-L38

To fix the issue, the shell command should avoid dynamic string construction and instead use a safer method to execute the script. The `child_process.execFile` method is a better alternative because...

Including unencrypted hard-coded authentication credentials in source code is dangerous because the credentials may be easily discovered, the code may be open source, or it may be leaked or accidentally...