pullrequests Search Results · language:Dune language:Python language:JavaScript language:JavaScript language:Java language:C#
196M results
Summary
- Fixes SSRF URL-allowlist bypass in OAuth callback (localhost:81@attacker.com style attacks)
- Replaces config-based allowlist with urlsplit-based validation + character blocklist
- Preserves ...
Context
Prerequisite to the work on the administration interfaces for organizations (portfolios) / companies.
Target platform architecture:
Platform
├── Organizations (portfolios) ── composed of Companies ...
Closes #321 (the parser-bypass keystone of security epic #318).
Problem
The agent command allowlist is the sole control under bypassPermissions, and it was trivially bypassable
(apps/backend/security/parser.py): ...
🚨 Severity: CRITICAL 💡 Vulnerability: Discovered that the dynamic type evaluation in Container._safe_eval_type using
safe AST traversal permitted arbitrary ast.Call nodes. 🎯 Impact: This allowed for Arbitrary ...
The user creation form was split into modular section components and a custom hook.
SeccionPersonal, SeccionContacto, SeccionDireccion, SeccionRol, types and useCreateUserForm were added ...
Confirmed root cause
The screenshot of the failure proved it: the login form uses native HTML5 required validation. Chrome shows "Please fill
out this field" over the Contraseña (password) field and aborts the POST — ...
100+ keys × 3 languages (EN/RO/FR)
What
Fixes wyrd-6hbv — the era-grid gloss-blobs / garbage modern reflexes (-ton showing the weight unit; -ing carrying ~45
disjoint glosses). Root cause: bad merge decisions, not the descent graph. Distinct ...
See Commits and Changes for more details.
Created by pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please ...
⤵️ pull