
v1.0.2

@devwithkrishna-app-token-generator devwithkrishna-app-token-generator released this 12 Apr 17:31
· 4 commits to main since this release
2844f1e

Pull Request Title: If unsanitized user input is written to a log entry, a malicious user…

Pull Request URL: PR Link

Opened By: githubofkrishnadhas

Merged: True

Description: … may be able to forge new log entries.

Issue #1

To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the user input to prevent log forgery. This can be done by replacing \r\n and \n with empty strings.

We will modify the code to sanitize the item before logging it. This involves converting the item to a string and then replacing any newline characters.

Created At: 2025-04-12T17:28:59Z

Closed & Merged At: 2025-04-12T17:30:51Z

Assignees: githubofkrishnadhas

Total Commits: 1

What's Changed

Full Changelog: v1.0.1...v1.0.2
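
The fix described in the pull request above, shown as an added example that is not the project's own code. Python, the logger name, the function names and the sample value are assumptions, and the sanitizer goes one step beyond the description by also removing bare `\r` characters.

```python
import io
import logging


def sanitize_for_log(item):
    """Convert item to a string and strip line breaks before it is logged.

    Removes "\r\n" and "\n" as the pull request describes; removing a bare
    "\r" as well is an assumption added in this example.
    """
    text = str(item)
    return text.replace("\r\n", "").replace("\n", "").replace("\r", "")


def log_lines(item, sanitize):
    """Log item through a real logging handler and return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("log_injection_demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    value = sanitize_for_log(item) if sanitize else item
    logger.info("processing item: %s", value)
    handler.flush()
    return stream.getvalue().splitlines()


# Constructed sample input: a value with an embedded line that mimics a log entry.
SAMPLE = "repo-a\nINFO token issued for repo-b"

if __name__ == "__main__":
    # Without sanitizing, one call produces two lines in the log.
    print(log_lines(SAMPLE, sanitize=False))
    # With sanitizing, the same value stays on a single line.
    print(log_lines(SAMPLE, sanitize=True))
```

Because the line breaks are replaced with empty strings, the two halves of the value are joined without a separator; the entry count stays correct, which is what a reader of the log relies on.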