issues Search Results · language:Dune language:JavaScript language:JavaScript linked:pr language:JavaScript language:Python

4.5M results  (393 ms)

Batch of verified low-severity items from the deep review. Each is small/localized. 1. plutus org create / workspace create with no NAME crashes — cli.py:121,136; name is nargs='?', so a missing name ...

Severity: medium · Type: hardening · found in deep review Where: plutus_agent/server/auth.py:117-140 (_claims_from_id_token) Problem: The id_token payload is base64-decoded and trusted after checking ...

Severity: medium · Type: hardening · found in deep review Where: plutus_agent/alerts.py:92-98 Problem: STARTTLS is only attempted when port in (587,). For any other port (misconfigured 25, 2525) the ...

Severity: medium · Type: hardening (injection) · found in deep review Where: plutus_agent/reports.py:108-110 (HTML rows), :127/:152-153 (org name in title/h1), :228 (reportlab Paragraph(f ◆ Plutus — {org[ ...

Severity: medium · Type: hardening / feature · found in deep review Where: plutus_agent/server/auth.py:178-181 (_authorize_email → create_org as owner when allow_signup) Problem: With auth.allow_signup ...

What dispatchWithRedelivery (src/webhooks.mjs) snapshots the parked-delivery backlog once per run and infers "was this event already parked?" from that snapshot: const parked = store ? new Set(await ...
slop

Severity: medium · Type: hardening (CSRF) · found in deep review Where: plutus_agent/server/app.py:219-240 (POST routes), auth.py:238 (SameSite=Lax), app.py:161-166/:189 (logout via GET) Problem: /keys/create, ...

Context Design-first investigation of the bridge's locking machinery in the smart-router / dumb-session model, to map how a session can deadlock (stop draining while still alive) and what hardening options ...

Severity: medium · Type: hardening (DoS) · found in deep review Where: plutus_agent/server/app.py:87-89 (_body), used by _ingest_usage (:301), _form (:91-93), _webhook (:410) Problem: _body does int(self.headers.get( ...

Severity: medium · Type: bug (concurrency) · found in deep review Three issues sharing one root cause — read-modify-write with no atomic transaction under the threaded, connection-per-request server (app.py ...