tidb-dashboard icon indicating copy to clipboard operation
tidb-dashboard copied to clipboard

Published 20 hours ago verified publisher icon pingcap

*: fix security issues

Open mornyx opened this issue 1 year ago • 1 comments
trafficstars

This PR fixes some security issues.

  • Use of inherently dangerous function in pkg/apiserver/logsearch/task.go.
  • Potential SQL injection in pkg/apiserver/statement/queries.go. (In reality, only SQL digests are concatenated, so this won’t happen, but it’s there to prevent “potential changes”.)
  • External service interaction via DNS in pkg/apiserver/logsearch.
  • Lack of rate limiting on unauthed API /api/user/login.

mornyx avatar Sep 18 '24 15:09 mornyx