fullstack-nextjs-app-template

possible vulnerability in Logger.js

Open • Zeyad-Elgendy opened this issue 1 year ago • 1 comment

In the Logger.js file, it does not do any sanity check for file-path, file or arg. Even though the file is not directly accessible from the client side, it's always good practice to sanitize any inputs. If external input were somehow able to influence any of these variables, it could lead to command injection attacks.

Zeyad-Elgendy, Dec 11 '24 04:12

Thanks! logger.js is just a demo, it is not used and it is not full code. Need to update it?

xizon, Dec 17 '24 01:12
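
An added example, not code from the repository or from either commenter, of the kind of input checking the issue asks for. It assumes a logger that receives a directory, a file name and an option and hands them to an external program; `LOG_ROOT`, `SAFE_NAME`, `ALLOWED_ARGS`, `buildLoggerCommand` and `/usr/bin/logtool` are hypothetical names chosen for illustration.

```javascript
// Added illustration only; the real Logger.js is not shown on this page.
const path = require('node:path');

const LOG_ROOT = path.resolve('/var/log/app');           // assumed log directory
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;   // no separators, no leading '-' or '.'
const ALLOWED_ARGS = new Set(['--tail', '--rotate']);    // assumed fixed option set

// Validates the three inputs named in the issue and returns a command plus
// an argv array. Throws on anything unexpected instead of trying to "clean" it.
function buildLoggerCommand(filePath, file, arg) {
  for (const [name, value] of Object.entries({ filePath, file, arg })) {
    if (typeof value !== 'string' || value.includes('\0')) {
      throw new TypeError(`${name} must be a string without NUL bytes`);
    }
  }
  // Allowlist the file name: shell metacharacters, spaces and slashes all fail.
  if (!SAFE_NAME.test(file)) {
    throw new Error('file: unexpected characters');
  }
  // Options come from a closed set, never from free text.
  if (!ALLOWED_ARGS.has(arg)) {
    throw new Error('arg: not an allowed option');
  }
  // Resolve first, then check containment, so "../" segments or an absolute
  // filePath cannot point outside LOG_ROOT.
  const target = path.resolve(LOG_ROOT, filePath, file);
  if (!target.startsWith(LOG_ROOT + path.sep)) {
    throw new Error('filePath: resolves outside the log root');
  }
  // The array form is meant for child_process.execFile(cmd, args) or
  // spawn(cmd, args) without a shell, so no shell ever parses these values.
  return { cmd: '/usr/bin/logtool', args: [arg, target] };
}
```

Building the command as a string for `child_process.exec` would put the same values in front of a shell; the array form with `execFile` keeps each value a single argument even if validation is later loosened.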