Jörmungandrk

Results 88 issues of Jörmungandrk

https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886-L886 To fix the issue, we need to ensure that the subtraction `prev->size - prev->used` does not underflow. This can be achieved by explicitly checking that `prev->used` is less than `prev->size` before...

To fix the problem, we need to validate the user-provided URL before using it in the redirection. We can use the `urlparse` function from the Python standard library to parse the URL and...

Ruby-SAML The project [identity-saml-sinatra](https://github.com/18F/identity-saml-sinatra) properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML...

---
name: Fix arbitrary file access during archive extraction zipslip on index
about: submit changes to the project
title: "[pr] "
labels: ''
assignees: ''
---

## Description

Fix the...

https://github.com/microsoft/OmniParser/blob/efbb1f4518462c3b6f581f39d558b0fbfe840678/omnitool/gradio/app_new.py#L317-L319 https://github.com/microsoft/OmniParser/blob/efbb1f4518462c3b6f581f39d558b0fbfe840678/omnitool/gradio/app_new.py#L423-L423 Accessing files using paths constructed from user-controlled data can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an...

https://github.com/microsoft/OmniParser/blob/5171b092483ab3e74ca50b9357e225f9f3571f18/omnitool/omnibox/vm/win11setup/setupscripts/server/main.py#L36-L49 To fix the issue, we need to validate and restrict the commands that can be executed. This can be achieved by implementing an allowlist of permitted commands and their arguments....

https://github.com/browser-use/web-ui/blob/886ba8f5354dca96a544ed7b7072fb41e4dcf850/src/agent/deep_research/deep_research_agent.py#L1115-L1115 To fix the issue, we need to validate the `save_dir` parameter before using it to construct file paths. The best approach is to ensure that the constructed path is contained...

https://github.com/facebook/react/blob/73f06e04301ab20fe4e07f56de97e3c587e4b2e1/fixtures/flight-esm/server/region.js#L180-L180 To fix the issue, we need to ensure that `req.query.name` is explicitly validated to be a string before it is used. If it is not a string, the code...

CLA Signed

https://github.com/aws-amplify/amplify-cli/blob/3f255c91e15d52139ba001410929864982f433f0/packages/amplify-storage-simulator/src/server/S3server.ts#L130-L130 To fix the issue, we need to ensure that the constructed `filePath` is validated to remain within the intended directory (`this.localDirectoryPath`). This can be achieved by: 1. Normalizing the constructed path...

https://github.com/aws-amplify/amplify-cli/blob/aaef95c5a46232fac5105201c490210ac67c93b7/packages/amplify-storage-simulator/src/server/utils.ts#L77-L77 To fix the issue, we need to ensure that the `buf` parameter in the `stripChunkSignature` function is of the expected type (`Buffer`). If `buf` is not a `Buffer`, the function should...