issues Search Results · language:Dune language:JavaScript language:JavaScript language:TypeScript language:HTML linked:pr
Summary
POST /api/notifications in apps/api/src/routes/notificationRoutes.js has no authMiddleware. Any unauthenticated user can
create notifications.
Impact
- Anonymous notification injection / spam ...
Summary
POST /api/reviews in apps/api/src/routes/reviewRoutes.js has no authMiddleware. Any unauthenticated user can post
reviews.
Impact
- Anonymous fake reviews can be submitted
- No reviewer ...
Summary
POST /api/proposals in apps/api/src/routes/proposalRoutes.js has no authMiddleware. Any unauthenticated user can submit
proposals for jobs.
Impact
- Anonymous proposal spam
- No freelancer ...
Summary
POST /api/messages in apps/api/src/routes/messageRoutes.js has no authMiddleware. Any unauthenticated user can post
messages.
Impact
- Anonymous message spam
- No sender identity attached ...
Summary
POST /api/uploads in apps/api/src/routes/uploadRoutes.js has no authMiddleware. Any unauthenticated user can upload
files to the server.
Impact
- Unauthenticated file uploads allowed
- Risk ...
Summary
POST /api/payments in apps/api/src/routes/paymentRoutes.js has no authMiddleware. Any unauthenticated user can initiate
payment operations.
Impact
- Unauthenticated users can trigger payment ...
Summary
POST /api/jobs in apps/api/src/routes/jobRoutes.js has no authMiddleware. Any unauthenticated user can create job
postings.
Impact
- Anonymous users can spam job listings
- No audit trail ...
Summary
app.use(cors()) in apps/api/src/app.js uses no origin restriction, effectively setting Access-Control-Allow-Origin: *.
This allows any domain to make credentialed cross-origin requests to the ...
Bug
Two related display bugs in devteam advise option descriptions, both in generateOptions in core/advise.js.
1. Wrong option letter in the ticket hint for PEER_REVIEW_RISK items
ticketHint is computed ...
bug
PR3 (#457) added the bicep internalSecret param + KV resource + MCP container env, but deploy.yml never passes it to az
deployment — so even with the TRUERATE_INTERNAL_SECRET repo secret set, the MCP container ...
area:mcp
