Description
Currently there is no authentication middleware. Any request can access any endpoint. The login endpoint returns a fake
JWT token.
Requirements
- Proper JWT authentication with Spring ...
Description
The /api/tasks/search endpoint is vulnerable to SQL injection. The keyword parameter is directly concatenated into the SQL
query string in DatabaseHelper.java.
Steps to Reproduce
1. Call GET ...
Description
User passwords are stored in plaintext in the database. The User entity stores the raw password string and the
authenticate() method compares plaintext values.
Impact
CRITICAL - If the database ...
Description
The pom.xml explicitly declares Jackson Databind 2.13.0, which conflicts with the version managed by Spring Boot 2.7.18
parent POM.
<!-- FIXME: jackson version conflict with spring boot parent ...
Description
GET /api/tasks returns ALL tasks. We now have 50,000+ tasks and this endpoint causes OutOfMemoryError in production.
Requirements
- Add pagination support (page, size parameters) on all ...
Context
We're still using Log4j 1.x (version 1.2.17) which has been EOL since 2015.
While this is NOT the same as the Log4Shell vulnerability (CVE-2021-44228, which affected Log4j 2.x), it still has ...
Description
WebConfig.java has CORS configured to allow ALL origins (*), ALL methods, and ALL headers. This was a temporary fix that
was never addressed.
// FIXME: This is too permissive
registry.addMapping( ...
Description
The custom sanitize() method in StringUtils only removes script tags but doesn't handle:
- img onerror=... payloads
- Event handlers (onload, onmouseover, etc.)
- URL-encoded payloads ...
Description
The pom.xml includes mysql-connector-java (8.0.28) but the application uses an H2 in-memory database. MySQL is not
configured or used.
<!-- TODO: someone added mysql but we never use it in prod ...
Context
With all the coupling issues in our monolith, should we consider breaking this into microservices?
Arguments For
- TaskService is too coupled to everything
- Scaling issues with the monolith ...
