issues Search Results · language:Dune language:JavaScript language:JavaScript language:JavaScript language:Java

33.2M results  (826 ms)

Vulnerability backend/src/middleware/auth.js does request.user = decoded. The decoded object is the full JWT payload, which includes { id, role, typ, iat, exp, jti } (and for refresh tokens, a separate ...
backend
security
SEVERITY: P2-MEDIUM

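🎯 Purpose Because a planning change removed the image feature from My Journey schedules, clean up the related code. 📌 Related requirements - Image URL cannot be entered when creating/editing a My Journey schedule - Remove the imageUrl field from schedule responses - Keep the DB column (image_url) but do not use it at the application level ✅ Detailed tasks - [ ] JourneySchedule ...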
🖥️ task

Vulnerability backend/src/modules/auth/service.js lines 41-55 — the login flow has three distinct branches: 1. Email does not exist → recordLoginAttempt(email, ip, false) + throw Invalid credentials ...
backend
security
SEVERITY: P1-HIGH
TIMING-ATTACK

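📌 Refactor Description - When processing stock deduction, review the scope of work performed inside the distributed lock, and separate the core logic that requires concurrency control from simple lookup/response-generation logic. - The current stock deduction flow includes product lookup, stock lookup, stock deduction, and response generation within a single processing flow. The core section that requires concurrency control is ...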
refactor

Summary mapping template works when values are defined directly in the form (values=a,b,c|mapping template=foo), but fails when values come from an SMW property (property=bar|mapping template=foo). Steps ...
bug

Is your feature request related to a problem? Please describe. The agreed direction for attestation modes (#9640) is that monitor should be permissive — validate and log attestation-trust problems but ...
comp-jans-fido2
enhancement
kind-feature

Vulnerability backend/src/app.js line 11 sets trustProxy: true. Per Fastify docs this means trust all proxies — the leftmost IP in X-Forwarded-For becomes request.ip, which is then written verbatim into ...
AUTH-BYPASS
backend
security
SEVERITY: P1-HIGH

Vulnerability backend/src/modules/team/routes.js PATCH /members/:id/manager does: const wouldCycle = await checkHierarchyAccess(req.params.id, manager_id); if (wouldCycle) return reply.status(400).send({ ...
backend
RACE-CONDITION
security
SEVERITY: P1-HIGH