ChatGPT-Next-Web/app/store
B0zal 605dd72354
[+] CodeQL Report Fix log injection vulnerability in useSyncStore
Severity: High
Sanitize the 'res' object before logging it in the 'check' method of useSyncStore to prevent log injection attacks.
The 'res' object is now sanitized by extracting only the necessary properties ('status', 'statusText', and 'headers') and logging the sanitized object instead.
This ensures that only safe and expected data is logged, mitigating the risk of log injection vulnerabilities.
2023-09-11 08:49:08 +07:00
access.ts feat: close #2754 add import/export to file 2023-09-11 00:20:23 +08:00
chat.ts fixup: fix type errors 2023-09-11 00:24:05 +08:00
config.ts fixup: minor sync fixup 2023-09-11 00:34:51 +08:00
index.ts feat: add session config modal 2023-04-23 01:27:15 +08:00
mask.ts fixup: minor sync fixup 2023-09-11 00:34:51 +08:00
prompt.ts feat: close #2754 add import/export to file 2023-09-11 00:20:23 +08:00
sync.ts [+] CodeQL Report Fix log injection vulnerability in useSyncStore 2023-09-11 08:49:08 +07:00
update.ts feat: close #2754 add import/export to file 2023-09-11 00:20:23 +08:00